setuids.d(1m) USER COMMANDS setuids.d(1m)

setuids.d - snoop setuid calls as they occur. Uses DTrace.


setuids.d is a simple DTrace program to print details of setuid calls, where a process assumes a different UID. These are usually related to login events.

Since this uses DTrace, only users with root privileges can run this command.

# setuids.d

user ID (from)
set user ID (to)
parent process ID
process ID
parent command
command (with arguments)

See the DTraceToolkit for further documentation under the Docs directory. The DTraceToolkit docs may include full worked examples with verbose descriptions explaining the output.

setuids.d will run forever until Ctrl-C is hit.

Brendan Gregg [Sydney, Australia]

dtrace(1M), bsmconv(1M)

June 18, 2005 version 1.00