Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!seismo!vrdxhq!baskin!citcom!peter From: peter@citcom.UUCP (Peter Klosky) Newsgroups: comp.unix.questions Subject: Re: A couple questions Message-ID: <16@citcom.UUCP> Date: Fri, 8-May-87 10:53:23 EDT Article-I.D.: citcom.16 Posted: Fri May 8 10:53:23 1987 Date-Received: Sun, 10-May-87 01:48:39 EDT References: <3164@jade.BERKELEY.EDU> <2382@ncoast.UUCP> <1752@dg_rtp.UUCP> <6582@mimsy.UUCP> Organization: Citcom Systems, Inc., Herndon, VA Lines: 34 In article <6582@mimsy.UUCP>, chris@mimsy.UUCP (Chris Torek) writes: > Incidentally, `find / -inum ' takes a *long* time on a big system. It's true that scanning the whole file system to find a given inum would take a long time. This approach is like scanning a whole document for a given word by examining each word. A better approach is to have a sorted list of words with pointers to occurences. Then the words can be scanned using binary search. The same approach can be used with inode numbers by preparing a sorted list of inode numbers and file names. Given a list of file system id, inode number, file name records, it is possible to locate possible names for a file open by a process. In many cases, this will let the enhanced "ofiles" recently posted to net.sources reveal the names of the files open by a given process. It will have trouble in the case where the list is out of date, as the system does not update the inum list. For this reason the program can be fine-tuned to scan directories where changes occur often such as /tmp or other directories often used by the application. If the file table of the process has a tcp/ip deal going, "ofiles" knows about that, too, and will report if the process is waiting to receive datagrams concerning "rwho" or whatever. "ofiles" will also cat an unreferenced file, so even with yes >foo& rm foo it is possible to see all the exciting data. n.b. This program is a security hole, so only use it on systems where the users are trusted. -- Peter Klosky, Citcom Systems (materiel de telecommunications) seismo!vrdxhq!baskin!citcom!peter (703) 689-2800 x 235