Linux track all files accessed by process?

linux file trace
Tom B picture Tom B · Dec 11, 2014 · Viewed 16.3k times · Source

Is there a way to track all file I/O for a given process? All I really need is the locations of files being read from/written to from a given process (and ideally if it was a read or write operation although that's not as important).

I can run the process and track it rather than needing to attach to an existing process which I would assume is significantly simpler. Is there any kind of wrapper utility I can run a process though that will monitor file access?

Answer

Gilles Quenot picture Gilles Quenot · Dec 11, 2014

Try doing this as a starter :

lsof -p <PID>

this command will list all opened files, fd, sockets...

For your special needs, see what I can offer as a solution to monitor a php script :

php foo.php & _pid=$!
lsof -r1 -p $_pid
kill %1 # if you want to kill php script

As a better alternative, I recommend the use of strace :

strace -f -t -e trace=file php foo.php

or for an already running process :

strace -f -t -e trace=file -p <PID>

Related questions

How to create a file in Linux from terminal window?

What's the easiest way to create a file in Linux terminal?

Read More
How to get full path of a file?

Is there an easy way I can print the full path of file.txt ? file.txt = /nfs/an/disks/jj/home/dir/file.txt The <command> dir> <command> file.txt should print /nfs/an/disks/…

Read More
How can I see the size of files and directories in linux?

How can I see the size of files and directories in Linux? If use df -m, then it shows the size of all the directory at the top level, but, for the directories and files inside the directory, how do …

Read More