MacOS – n attribute that can show which process created a file

macosuti

Now, I can find out which processes are opening files dynamically. However, for a file on my filesystem, is there a way to find out which process created the file?

I'm trying to differentiate a file I created by:

touch(1)

from one created by say, an NSAPI process running under my id.

lastcomm(1)

will give me information such as which tty is doing something, is that an attribute I can access?

Essentially, my id does a bunch of stuff. Much of what my id does should be via applications, or from a terminal. I'd like to find out more. Suggestions?

Best Answer

Darwin is open source. I'm guessing you'll need to modify OS level things, a kernel extension, etc. and add this ability.

Or you could modify the dynamic-view tools you know (fs_usage and/or lsof), have them check if a file is being created, and append the process chain that created it into the Spotlight comment, etc.

Related Solutions

MacOS – Preview does not save PDF form data

I've run into this with some forms, it's not always clear why (although in your case the DRM seems the likely culprit). The workaround for me has always been filling it out as normal, then using the print to PDF functionality (File → Print → PDF → Save as PDF). Certainly not the easiest, and it means you can't re-edit in some situations. But it's still better than dealing with Acrobat.

Alternatively, you could buy PDFPen, which is a pretty fool-proof way of dealing with any PDF form you can find.

MacOS – Replace non-functioning system applications

Luckily, I had another system at the exact same OS level (this is important), which was working fine. I copied the following apps from that machine to a basic folder on the broken machine:

App Store.app
Terminal.app
Preview.app
TextEdit.app

Of course OS X won't let you copy those apps directly into the Applications folder, so I did this, which recursively copies all of the contents (since the .app files aren't just files) and replaces the existing, non-functioning copies:

cp -R ~/<folder>/<file>.app /Applications/

You may have to really ask for a sandwich:

sudo cp -R ~/<folder>/<file>.app /Applications/

And joy, my system works again (but I haven't deleted the copies yet, just in case).

Hope it helps someone else.

Best Answer

Related Solutions

MacOS – Preview does not save PDF form data

MacOS – Replace non-functioning system applications

Related Question