MacBook – /etc/hosts gets over written

dnsmacbook pro

What is the correct way of editing /etc/hosts? I want to add some IP addresses and host names to it. It works for a while (a few hours) and then it gets reverted back to the original version. Is there any process checking the status of /etc/hosts and reverting it back?

I'm on my MBA with Mountain Lion.

Best Answer

As a tool to help you find the culprit, here is a dtrace oneliner which prints the pid and name of any process which opens a file for writing, together with the filename:

dtrace -qn 'syscall::open*:entry /arg1&3/ { printf("%d %s %s\n", pid, execname, copyinstr(arg0)); }'

It needs to be run as root (e.g., with sudo). Pipe it into grep hosts to avoid drowning in output and missing what you are looking for:

sudo dtrace -qn 'syscall::open*:entry /arg1&3/ { printf("%d %s %s\n", pid, execname, copyinstr(arg0)); }' | grep hosts

Hopefully, this will tell you what process is overwriting the file. Just let it run in a terminal window until it triggers.

Best Answer

Related Solutions

Multiple IP addresses for same host name in /private/etc/hosts

MacOS – Can’t access About.com from the Macbook pro 2011 (lion then mtn lion), no matter what I try

Related Question