Friday July 30, 2004

Solaris Quiz #2 (Which file)


A fairly simple quiz which probably has several answers. Here we go: We have a process which is already running. We don't want to restart the process. It is writing a lot of data to a file, but we don't know which one. We suspect the process has a lot of files open. How do we find the name of the file that we are writing to?

Restrictions

  • The OS is Solaris 8
  • We can become root

The prize will be whatever I can scrounge. The winner will not necessarily be the first person to answer, but either the most elegant answer or, failing that, the answer which meets my arbitrary and as yet unspecified criteria.

If anyone from Sun is reading this and knows whom I can contact for some prizes, please email me. ( Jul 30 2004, 03:38:58 PM BST )

Comments:

(I am assuming we can't use 3rd party tools like lsof) You can use "truss -t write -p PID" to find the file descriptor that is receiving the majority of the writes. Next use "pfiles PID" to list info about the file descriptors, getting the dev and inode info, such as "dev: 85,2" and "inode: 12345". (Could also go to /proc/PID/fd to find the same info with ls -i) Find the file system by doing "ls -lL /dev/md/dsk/*" (or /dev/dsk/*, or /dev/vx/dsk/* as appropriate) and grepping for the dev info (be careful of formatting). Once you have found the correct file system, you can use ncheck -i INODE_NUMBER /filesystem/device/path or find /filesystem -inum INODE_NUMBER

Posted by William Hathaway on July 30, 2004 at 05:37 PM BST #
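
The first three steps of the comment above, as an added example that is not part of the original post or comment: shell functions that pick the busiest descriptor from saved truss output, read its device and inode from pfiles output, and match the device in an ls -lL listing without tripping over the column padding. All sample output is constructed, and the dev:/ino: field layout is an assumption about how pfiles prints each descriptor.

```shell
#!/bin/sh
# Constructed samples standing in for saved command output; field layout is assumed.
sample_truss() { cat <<'EOF'
write(1, " s t a t u s   o k\n", 10)            = 10
write(5, " A A A A A A A A A A A A".., 8192)    = 8192
write(5, " A A A A A A A A A A A A".., 8192)    = 8192
write(7, " l o g   l i n e\n", 9)               = 9
write(9, " x", 1)                               Err#9 EBADF
EOF
}
sample_pfiles() { cat <<'EOF'
1234:   /opt/app/bin/writer
   1: S_IFCHR mode:0620 dev:136,0 ino:9981 uid:100 gid:7 rdev:24,1
   5: S_IFREG mode:0644 dev:85,2 ino:12345 uid:0 gid:0 size:1048576
      O_WRONLY|O_APPEND
   7: S_IFREG mode:0644 dev:85,20 ino:777 uid:0 gid:0 size:4096
EOF
}
sample_ls() { cat <<'EOF'
brw-r-----   1 root     sys       85,  0 Jul 30 12:00 /dev/md/dsk/d0
brw-r-----   1 root     sys       85, 20 Jul 30 12:00 /dev/md/dsk/d20
brw-r-----   1 root     sys       85,  2 Jul 30 12:00 /dev/md/dsk/d2
EOF
}

# stdin: truss write trace. Prints the fd with the most bytes written;
# failed calls (Err#...) have no "= N" result and are skipped.
busiest_fd() {
    awk '/^write\(/ && $(NF-1) == "=" { fd = $1; sub(/^write\(/, "", fd); bytes[fd + 0] += $NF }
         END { for (f in bytes) if (best == "" || bytes[f] > bytes[best]) best = f
               if (best != "") print best }'
}

# $1: fd number; stdin: pfiles output. Prints "MAJOR,MINOR INODE" for that fd.
fd_dev_ino() {
    awk -v fd="$1" '$1 == (fd ":") && $2 ~ /^S_IF/ {
        for (i = 3; i <= NF; i++) { if ($i ~ /^dev:/) d = substr($i, 5); if ($i ~ /^ino:/) n = substr($i, 5) }
        print d, n; exit }'
}

# $1: MAJOR,MINOR; stdin: ls -lL of device nodes. Squeezes the padding after the
# comma and compares the whole field, so 85,2 never matches 85,20.
device_for_dev() {
    awk -v want="$1" '{ gsub(/,[ \t]+/, ","); if ($5 == want) print $NF }'
}

fd=$(sample_truss | busiest_fd)
set -- $(sample_pfiles | fd_dev_ino "$fd")
echo "fd $fd -> dev $1 inode $2 on $(sample_ls | device_for_dev "$1")"
```

On Solaris itself, /usr/bin/awk does not accept -v; run the functions with nawk or /usr/xpg4/bin/awk. The resulting device and inode are what the comment's ncheck or find -inum step takes as input.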
