How to use the fuser command in Linux

But command line pros will likely have an idea that a command line utility in Linux lets you identify processes based on the files (directories, or sockets) they are accessing. Not only that, the tool also allows you to kill these processes, so you don't have to use the kill or killall commands separately. The command line utility we're talking about is fuser.

If you aren't yet aware of this utility and want to understand how to use it, look no further, as in this article, we will discuss fuser in detail through some easy-to-understand examples.

But before we move ahead, please keep in mind that all the examples, command, and instructions mentioned in this tutorial have been tested on Ubuntu 22.04 LTS.

Linux fuser command

As I've already mentioned above, the fuser command is primarily used to identify processes using files, directories, or sockets. The tool displays the PIDs of processes that are using the file whose name is passed as an argument to the command.

Here's the fuser command in action in its most basic form:

As clear from the screenshot above, we tried using fuser to know which processes are using the /home/himanshu directory, and the command - in its output - produced a list of process IDs. So far so good, but there are couple of problems here.

Firstly, what's that 'c' appended to each PID? A quick look at the command's man page reveals that in the default display mode, the fuser command not only displays the PIDs of processes accessing the file or directory, but displays the type of access as well.

Each type of access is denoted by a letter:

c - current directory.
e - executable being run.
f - open file. f is omitted in default display mode.
F - open file for writing. F is omitted in default display mode.
r - root directory.
m - mmap'ed file or shared library.

Now, coming back to the example we were discussing, the letter 'c' in the output indicates that all the processes whose PIDs are listed in the output are accessing the /home/himanshu directory as their current directory.

Keep in mind that a process can have multiple types of accesses for a file or directory. For example, the following output shows that many processes are accessing the root (/) directory as their current and root directory.

Until now, the fuser output we're seeing contains only process IDs, and nothing more than that. Won't it be better if the process names are also displayed? Well, for that you need to use the -v command line option. Following is an example:

Moving on, to append the user name of the process owner to each PID, use the -u command line option. Here's an example for that:

Note: If the file or directory in question is located on a mounted file system or a block device, then use the -m command line option. "All processes accessing files on that file system are listed," the man page says. "If a directory file is specified, it is automatically changed to NAME/. to use any file system that might be mounted on that directory."

How to kill processes using fuser

Now that we've discussed the fuser basics, let's come to the task I mentioned in the beginning - how to kill processes using fuser? Let's take a simpler example for this case. What I'll do is, I'll run an executable and while it's running, I'll try killing the process using fuser.

So, here's the executable that has been launched:

And here's the fuser command that should ideally kill the process initiated by the test-fuser executable.

fuser -v -k test-fuser

Oh, before I go ahead and execute this command, let me tell you that the -k command line option tells fuser to kill the process (or processes) using the file or directory.

Here's what happened when the above-mentioned command was executed:

As clear from the screenshot above, using the -k command line option with fuser killed the test-fuser process. To ensure that the fuser command asks for user's confirmation before killing a process, use the -i option. See the example below:

Following are a couple of important fuser-related details that you should know while using the -k option:

With -k, the fuser command sends the SIGKILL signal by default. But you can change this behavior by using the -SIGNAL option.
A fuser process never kills itself but may kill other fuser processes.

fuser - other details

Aside from the information mentioned so far, several other details are worth keeping in mind. All that information can be accessed by heading to the command's man page. For example, the following is the information that the fuser man page lists in the 'Restrictions' section:

       Processes accessing the same file or file system several times  in  the
       same way are only shown once.

       If the same object is specified several times on the command line, some
       of those entries may be ignored.

       fuser may only be able to gather partial information  unless  run  with
       privileges.   As  a consequence, files opened by processes belonging to
       other users may not be listed and  executables  may  be  classified  as
       mapped only.

       Installing  fuser SUID root will avoid problems associated with partial
       information, but may be undesirable for security and privacy reasons.

       udp and tcp name spaces, and UNIX domain sockets can't be searched with
       kernels older than 1.3.78.

       Accesses by the kernel are only shown with the -v option.

       The  -k  option  only  works  on processes.  If the user is the kernel,
       fuser will print an advice, but take no action beyond that.

Conclusion

As you would have understood by now, fuser is an extremely useful command line utility in Linux. The good thing is that the tool is neither hard to understand, nor to use, so even newbies can easily get started with it. One aspect we didn't touch here is that the command allows you to identify and even kill processes running on particular ports, making it a hard-to-ignore tool for network admins.

Log in or Sign up