blob: 50d131cf551d51e5b5989468f5066af1cbb378c2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
.TH setuids.d 1m "$Date:: 2007-08-05 #$" "USER COMMANDS"
.SH NAME
setuids.d \- snoop setuid calls as they occur. Uses DTrace.
.SH SYNOPSIS
.B setuids.d
.SH DESCRIPTION
setuids.d is a simple DTrace program to print details of setuid
calls, where a process assumes a different UID. These are usually
related to login events.
Since this uses DTrace, only the root user or users with the
dtrace_kernel privilege can run this command.
.SH OS
Solaris
.SH STABILITY
stable - needs the syscall provider.
.SH EXAMPLES
.TP
Default output, print setuids as they occur,
#
.B setuids.d
.PP
.SH FIELDS
.TP
UID
user ID (from)
.TP
SUID
set user ID (to)
.TP
PPID
parent process ID
.TP
PID
process ID
.TP
PCMD
parent command
.TP
CMD
command (with arguments)
.SH DOCUMENTATION
See the DTraceToolkit for further documentation under the
Docs directory. The DTraceToolkit docs may include full worked
examples with verbose descriptions explaining the output.
.SH EXIT
setuids.d will run forever until Ctrl\-C is hit.
.SH AUTHOR
Brendan Gregg
[Sydney, Australia]
.SH SEE ALSO
dtrace(1M), bsmconv(1M)
|