MacOS – Is it safe to lock the startup disk

filesystem macos

A mysterious file keeps appearing on my startup disk. It's most likely a typo in a script or something, but even though it's being created with my user account as the owner, that hasn't helped me narrow it down.

Would it be safe for me to lock my system's startup disk to prevent writing to the root folder? As far as I know nothing needs to be written there, as all the various directories used by the system are already present such as /Library, /tmp, /Applications, /System and so on. But even so, I'm wondering if this is safe to do, or will it ruin my system?

I'm hoping that by locking the volume I can force whatever is creating the file to report an error in a log file, and also to prevent similar clutter in future (some badly written programs have a nasty tendency to put log files there), but obviously it's no good if it'll break something!

Best Answer

You could use dtrace to determine what is creating the file, say using iosnoop.d, which runs under dtrace and will reveal which applications are using the disk and what files they are reading or writing. This would imply catching its creation or write access "live".

If that doesn't reveal who's created the file, it could be because the process is communicating more tightly with the filesystem, and hfsslower.d may be required to locate the IO to this file.

You could also see if the file is open currently, and if so by whom, using lsof.

The above suggestions should reveal what's writing this file, which I believe is the root of your question.

But to specifically answer your question: no, you should not "lock" the root directory of your startup disk, as this is not an advisable safe practice and may prevent the OS from booting or functioning as expected. I presume here that by locking you mean the Finder concept of locking a file, or the POSIX concepts of restricting permissions and using the uchg/schg file flags via chflags. While Mac OS X doesn't normally create new files in this location arbitrarily, changes in permissions and ownership could affect filesystem traversal by users and processes, and in general *nix systems expect the root volume directory to be mutable. Many processes and commands in *nix use this as a fallback default, and it's often seen used in certain cases where a login occurs and there's no HOME, for instance. While it may have no immediate short-term negative effects, it's not a wise practice, nor is it the best method to determine what's causing your mysterious file creation.

Knowing more about the file might also help answer your underlying question.
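
The lsof check suggested in the answer can be scripted. The following is an added example, not part of the original answer: it parses lsof's machine-readable `-F` field output and lists processes holding a file open for writing directly under `/`. The function names and the sample data (process names, PIDs, paths) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer).
# Parse `lsof -F pcfan` output: one field per line, first character is the
# field id (p=pid, c=command, f=file descriptor, a=access mode, n=name).
# Report files opened for writing that sit directly in the root directory.

root_writers() {
    awk '
        /^p/ { pid = substr($0, 2); cmd = "?"; next }   # start of a process set
        /^c/ { cmd = substr($0, 2); next }
        /^f/ { acc = ""; next }                          # start of a file set
        /^a/ { acc = substr($0, 2); next }               # r, w, or u (read+write)
        /^n/ {
            name = substr($0, 2)
            # keep write-capable handles whose path is a direct child of "/"
            if ((acc == "w" || acc == "u") && name ~ "^/[^/]+$")
                printf "%s\t%s\t%s\n", cmd, pid, name
        }
    '
}

# Constructed sample of lsof -F pcfan output (hypothetical processes and paths).
sample_lsof_output() {
    cat <<'EOF'
p312
csyslogd
f4
aw
n/private/var/log/system.log
p4711
cbackup.sh
f1
aw
n/out.log
f3
ar
n/Users/me/backup.conf
p5120
cmdworker
f7
au
n/Library/Caches/index.db
EOF
}

# Live use (assumption: sudo is needed to see other users' processes):
#   sudo lsof -F pcfan / | root_writers
sample_lsof_output | root_writers
```

Like lsof itself, this only catches the writer while the file is still open, so a short-lived process needs the live dtrace tracing described in the answer.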