Happen
使用 RPC 很久了,但是一直使用的是 tcpdump
,某天我需要在服务器上确认某个端口是否被 RPC 服务占用的时候,发现平常一直使用的 lsof
命令却没有找到实际占用着端口的 RPC 服务,却在 netstat
命令中找到了:
# use netstat
$ netstat -aln | grep 14667
tcp6 0 0 :::14667 :::* LISTEN -
# use lsof
$ lsof -i :14667
真让人头大
Search
由此,我先想到的是看下 lsof
这个命令的说明文档,输入 $ man lsof
命令即可看到文档描述:
NAME
lsof - list open files...
DESCRIPTION
...
An open file may be a regular file, a directory, a block special file, a character special file, an executing text reference, a library, a stream or a network file (Internet socket, NFS file or UNIX domain socket.) A specific file or all the files in a file system may be selected by path.
可以看到, lsof
就是 list open files 的缩写,而在 Linux 环境下,一切皆文件,当操作系统与应用程序进行交互的时候,都会为其创建一个文件描述符,该活动的文件描述符就可以被称为 open file 。
如果仅仅根据这段文档描述,lsof
是一定能够显示 RPC 服务的 ,因为 RPC 是建立在 TCP Socket 之上,而 TCP 为了监听端口,必须要与操作系统交互,建立一个 open file 。
继续往下看,而在接下来的一段中,还有这样的描述:
SECURITY
...
Restricting the listing of all open files is controlled by the compile-time HASSECURITY and HAS- NOSOCKSECURITY options. When HASSECURITY is defined, lsof will allow only the root user to list all open files. The non-root user may list only open files of processes with the same user IDentification number as the real user ID number of the lsof process (the one that its user logged on with).
原来因为 open file 需要访问操作系统核心内存、文件,为了安全,便有了 HASSECURITY
以及 HASNOSOCKSECURITY
两个相对应的参数,如果 HASSECURITY
被定义的时候,我们只有在 root 权限下才能在 lsof
中看到所有的 open file 。
于是赶紧在服务器上使用 root 权限用户尝试一下 lsof
,果然能看到占用着该端口的应用程序:
# sudo root
$ sudo su
# use lsof
$ lsof -i :14667
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
xxxx 44258 root 74u IPv6 0xd5e8f554d9ed6ee7 0t0 TCP *:14194 (LISTEN)
那问题又来了,为什么 netstat
命令不需要 root 权限呢?那就输入 $ man netstat
继续看文档吧:
NAME
netstat -- show network status...
DESCRIPTION
The netstat command symbolically displays the contents of various network-related data structures.
There are a number of output formats, depending on the options for the information presented. The
first form of the command displays a list of active sockets for each protocol. The second form
presents the contents of one of the other network data structures according to the option
selected. Using the third form, with a wait interval specified, netstat will continuously display
the information regarding packet traffic on the configured network interfaces. The fourth form
displays statistics for the specified protocol or address family. If a wait interval is specified,
the protocol information over the last interval seconds will be displayed. The fifth form dis-
plays per-interface statistics for the specified protocol or address family. The sixth form dis-
plays mbuf(9) statistics. The seventh form displays routing table for the specified address fam-
ily. The eighth form displays routing statistics.
原来,netstat
只是将网络套接字的连接情况显示出来,不涉及到操作系统被屏蔽起来的 进程信息 等,所以就无需管理员权限了。
当然,如果你添加了 -p
参数,还是需要在 root 权限下才能看到结果的。
网友评论