Solved

How to trace the Linux command rm

Posted on 2011-09-22
6
326 Views
Last Modified: 2012-05-12
Would like to trace the command "rm" or "cp" as deep as possible. For example,
rm /usb/file.txt

Remove a file file.txt from USB stick.

What kind of operations are involved in this removal? As a user we know when we issue "rm", the file will be removed. OS kernel takes care of that.
Can any gurus shed some light on how the kernel does it, any code for it, or any links talking about it?
0
Comment
Question by:jl66
  • 3
  • 2
6 Comments
 
LVL 21

Assisted Solution

by:Papertrip
Papertrip earned 240 total points
Comment Utility
strace rm /usb/file.txt

Open in new window

0
 
LVL 37

Accepted Solution

by:
Gerwin Jansen earned 260 total points
Comment Utility
You can add -v to strace for verbose output or use ltrace -S to trace system and library calls::

strace -v rm /usb/file.txt

Open in new window

or
ltrace -S rm /usb/file.txt

Open in new window

0
 

Author Comment

by:jl66
Comment Utility
Thanks for both of you. I will test them and get back to you.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Author Comment

by:jl66
Comment Utility
I ran the commands and got the following outputs:

...
SYS_brk(NULL)                                                      = 0x9128000
SYS_access(0x529ec6, 4, 0x52ffc4, 0x530660, 0x529ec6)              = -2
SYS_open("/etc/ld.so.cache", 0, 00)                                = 3
SYS_fstat64(3, 0xbfc53d84, 0x52ffc4, 0x5305e8, 3)                  = 0
SYS_mmap2(0, 90150, 1, 2, 3)                                       = 0xb7856000
SYS_close(3)                                                       = 0
SYS_open("/lib/libc.so.6", 0, 00)                                  = 3
SYS_read(3, "\177ELF\001\001\001", 512)                            = 512
SYS_fstat64(3, 0xbfc53dc8, 0x52ffc4, 0xb7869210, 0x8057cd4)        = 0
SYS_mmap2(0, 4096, 3, 34, -1)                                      = 0xb7855000
SYS_mmap2(0x533000, 0x16f928, 5, 2050, 3)                          = 0x533000
SYS_mmap2(0x69d000, 12288, 3, 2066, 3)                             = 0x69d000
SYS_mmap2(0x6a0000, 10536, 3, 50, -1)                              = 0x6a0000
SYS_close(3)                                                       = 0
SYS_mmap2(0, 4096, 3, 34, -1)      
....

Could you please tell me those functions belong to which *.cpp or *.h? Is thtere any way to show the info too?
 
0
 
LVL 37

Expert Comment

by:Gerwin Jansen
Comment Utility
Well, I guess you'd have to start digging in the Linux source code. I'm no expert at that, sorry.
0
 

Author Closing Comment

by:jl66
Comment Utility
Thanks a lot.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Have you ever been frustrated by having to click seven times in order to retrieve a small bit of information from the web, always the same seven clicks, scrolling down and down until you reach your target? When you know the benefits of the command l…
The purpose of this article is to demonstrate how we can upgrade Python from version 2.7.6 to Python 2.7.10 on the Linux Mint operating system. I am using an Oracle Virtual Box where I have installed Linux Mint operating system version 17.2. Once yo…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now