Dear dtrace gurus,
I am new to dtrace and am trying to use it to investigate unexpected
changes in file ownership.
How do I find out the name of the file being chowned?
So far I have:
/* chown.d */
BEGIN
{
        trace("beginning!");
}

syscall::chown:entry,
syscall::fchown:entry,
syscall::lchown:entry
/ execname != "gconfd-2" /
{
        printf("execname=%s, pid=%d\n", execname, pid);
        printf( "\t\tpath=%d, owner=%d, group=%d\n",
            arg0, arg1, arg2 );
        stack();
}

END
{
        trace ("ending!");
}
/* end chown.d */
(sample output below)
I expect the first argument (arg0) to chown to be the name of the file.
However, I get an integer instead.
I assume this is a char pointer, or an inode, or some other data structure.
I am using Solaris 10 update 7.
Thanks,
Josh Kline
sample output:
-bash-3.00# dtrace -s chown.d
dtrace: script 'chown.d' matched 5 probes
CPU ID FUNCTION:NAME
0 1 :BEGIN beginning!
0 321 chown:entry execname=perl, pid=1306
path=134669904, owner=25, group=10
unix`sys_sysenter+0x101
0 321 chown:entry execname=perl, pid=1307
path=134669904, owner=25, group=10
unix`sys_sysenter+0x101
0 321 chown:entry execname=chown, pid=1308
path=134512328, owner=25, group=10
unix`sys_sysenter+0x101
0 321 chown:entry execname=chown, pid=1309
path=134512328, owner=25, group=10
unix`sys_sysenter+0x101
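
Added example, not part of the original post: a variant of chown.d that prints the file name. For chown(2) and lchown(2), arg0 is a user-space pointer to the path string, so it has to be copied in with copyinstr(); for fchown(2), arg0 is a file descriptor, which the fds[] array maps to a path. The thread-local names (self->path, self->owner, self->group) are chosen here, and the script assumes fds[] is available on the release in use.

```dtrace
#!/usr/sbin/dtrace -s
#pragma D option quiet

/* chown(2), lchown(2): save the arguments at entry. */
syscall::chown:entry,
syscall::lchown:entry
/ execname != "gconfd-2" /
{
        self->path  = arg0;        /* user-space address of the path */
        self->owner = (int)arg1;   /* -1 means "leave unchanged" */
        self->group = (int)arg2;
}

/*
 * Copy the string in at return: by then the kernel has read the path,
 * so the page is resident and copyinstr() does not fault. At return,
 * arg0 is the syscall's return value and errno is its error code.
 */
syscall::chown:return,
syscall::lchown:return
/ self->path /
{
        printf("%Y %s[%d] uid=%d %s(\"%s\", %d, %d) = %d errno=%d\n",
            walltimestamp, execname, pid, uid, probefunc,
            copyinstr(self->path), self->owner, self->group,
            (int)arg0, errno);
        ustack();                  /* user-level stack of the caller */
        self->path  = 0;
        self->owner = 0;
        self->group = 0;
}

/* fchown(2): arg0 is a file descriptor, not a pointer. */
syscall::fchown:entry
/ execname != "gconfd-2" /
{
        printf("%Y %s[%d] uid=%d fchown(fd=%d \"%s\", %d, %d)\n",
            walltimestamp, execname, pid, uid, (int)arg0,
            fds[arg0].fi_pathname, (int)arg1, (int)arg2);
        ustack();
}
```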