Dear dtrace gurus, I am new to dtrace and am trying to use it to investigate unexpected changes in file ownership. How do I find out the name of the file being chowned?
So far I have: /* chown.d */ BEGIN { trace("beginning!"); } syscall::chown:entry, syscall::fchown:entry, syscall::lchown:entry / execname != "gconfd-2" / { printf("execname=%s, pid=%d\n", execname, pid); printf( "\t\tpath=%d, owner=%d, group=%d\n", arg0, arg1, arg2 ); stack(); } END { trace ("ending!"); } /* end chown.d */ (sample output below) I expect the first argument (arg0) to chown to be the name of the file. However, I get an integer instead. I assume this is a char pointer, or an inode, or some other data structure. I am using solaris 10 update 7. thanks, Josh Kline sample output: -bash-3.00# dtrace -s chown.d dtrace: script 'chown.d' matched 5 probes CPU ID FUNCTION:NAME 0 1 :BEGIN beginning! 0 321 chown:entry execname=perl, pid=1306 path=134669904, owner=25, group=10 unix`sys_sysenter+0x101 0 321 chown:entry execname=perl, pid=1307 path=134669904, owner=25, group=10 unix`sys_sysenter+0x101 0 321 chown:entry execname=chown, pid=1308 path=134512328, owner=25, group=10 unix`sys_sysenter+0x101 0 321 chown:entry execname=chown, pid=1309 path=134512328, owner=25, group=10 unix`sys_sysenter+0x101 _______________________________________________ dtrace-discuss mailing list dtrace-discuss@opensolaris.org