I noticed that creating a file using output redirection involves neither creat() or open() system call. I thinks this is due to the stdin and stdout always exist and are always open. But how can I detect (i.e., using dtrace) file creation/read/write in those case?
Please see below turss outputs.
echo 888 >/var/tmp/testfile1
7570/1: 0.0022 0.0022 0.0000 sysinfo(SI_MACHINE, "i86pc", 257) = 6
7570/1: 0.0022 0.0000 0.0000 mmap(0x00000000, 32, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANON, -1, 0) = 0xFEFF0000
7570/1: 0.0023 0.0001 0.0000 mmap(0x00000000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0) = 0xFEFB0000
7570/1: 0.0024 0.0001 0.0000 mmap(0x00000000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0) = 0xFEFA0000
7570/1: 0.0024 0.0000 0.0000 memcntl(0xFEFBE000, 13608, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
7570/1: 0.0025 0.0001 0.0000 mmap(0x00000000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANON, -1, 0) = 0xFEF90000
7570/1: 0.0025 0.0000 0.0000 memcntl(0x08050000, 1708, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
7570/1: 0.0026 0.0001 0.0000 resolvepath("/usr/lib/ld.so.1", "/lib/ld.so.1", 1023) = 12
7570/1: 0.0027 0.0001 0.0000 resolvepath("/usr/bin/echo", "/usr/bin/echo", 1023) = 13
7570/1: 0.0027 0.0000 0.0000 sysconfig(_CONFIG_PAGESIZE) = 4096
7570/1: 0.0028 0.0001 0.0000 stat64("/usr/bin/echo", 0x08045C10) = 0
7570/1: 0.0028 0.0000 0.0000 open("/var/ld/ld.config", O_RDONLY) Err#2 ENOENT
7570/1: 0.0029 0.0001 0.0000 stat64("/usr/lib/libc.so.1", 0x080454C0) = 0
7570/1: 0.0030 0.0001 0.0000 resolvepath("/usr/lib/libc.so.1", "/lib/libc.so.1", 1023) = 14
7570/1: 0.0030 0.0000 0.0000 open("/usr/lib/libc.so.1", O_RDONLY) = 3
7570/1: 0.0031 0.0001 0.0000 mmap(0x00010000, 32768, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ALIGN, 3, 0) = 0xFEF80000
7570/1: 0.0031 0.0000 0.0000 mmap(0x00010000, 1155072, PROT_NONE, MAP_PRIVATE|MAP_NORESERVE|MAP_ANON|MAP_ALIGN, -1, 0) = 0xFEE60000
7570/1: 0.0032 0.0001 0.0000 mmap(0xFEE60000, 1110613, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_TEXT, 3, 0) = 0xFEE60000
7570/1: 0.0032 0.0000 0.0000 mmap(0xFEF70000, 30255, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_INITDATA, 3, 1114112) = 0xFEF70000
7570/1: 0.0033 0.0001 0.0000 mmap(0xFEF78000, 4200, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANON, -1, 0) = 0xFEF78000
7570/1: 0.0033 0.0000 0.0000 munmap(0xFEF80000, 32768) = 0
7570/1: 0.0034 0.0001 0.0000 close(3) = 0
7570/1: 0.0034 0.0000 0.0000 mmap(0x00000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANON, -1, 0) = 0xFEF80000
7570/1: 0.0035 0.0001 0.0000 memcntl(0xFEE60000, 124760, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
7570/1: 0.0038 0.0003 0.0000 mmap(0x00010000, 24576, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANON|MAP_ALIGN, -1, 0) = 0xFEE50000
7570/1: 0.0039 0.0001 0.0000 getcontext(0x08045A80)
7570/1: 0.0039 0.0000 0.0000 getrlimit(RLIMIT_STACK, 0x08045A78) = 0
7570/1: 0.0039 0.0000 0.0000 getpid() = 7570 [7569]
7570/1: 0.0040 0.0001 0.0000 lwp_private(0, 1, 0xFEE52A00) = 0x000001C3
7570/1: 0.0041 0.0001 0.0000 setustack(0xFEE52A60)
7570/1: 0.0041 0.0000 0.0000 sysi86(SI86FPSTART, 0xFEF78718, 0x0000133F, 0x00001F80) = 0x00000001
7570/1: 0.0042 0.0001 0.0000 ioctl(1, TCGETA, 0x08045E64) Err#25 ENOTTY
7570/1: 0.0043 0.0001 0.0000 fstat64(1, 0x08045E90) = 0
7570/1: 0.0042 0.0001 0.0000 ioctl(1, TCGETA, 0x08045E64) Err#25 ENOTTY
7570/1: 0.0043 0.0001 0.0000 fstat64(1, 0x08045E90) = 0
7570/1: 0.0043 0.0000 0.0000 brk(0x08061710) = 0
7570/1: 0.0044 0.0001 0.0000 brk(0x08083710) = 0
7570/1: 0.0044 0.0000 0.0000 fstat64(1, 0x08045DD0) = 0
7570/1: 0.0045 0.0001 0.0000 write(1, " 8 8 8\n", 4) = 4
7570/1: 0.0046 0.0001 0.0000 _exit(0)
Redirection is done by your shell, not the
echo
command.echo
just outputs to the standard output (descriptor 1), which your shell made point to/var/tmp/testfile1
. Trystrace -ff sh -c "echo > /tmp/somefile"
and you'll see/tmp/somefile
is being open for writing.You missed the
open64
function