MacOS – “opensnoop” utility doesn’t work with spaces between filenames, how to fix

macos unix

I use "opensnoop"

/usr/bin/opensnoop

to show all files which are opened from different processes.

But when I want to specify a file with

sudo opensnoop -n "directory/filename"

I'm getting this error:

token too large, exceeds YYLMAX

I'm hunting around for a fix and found only this website. The author modified the opensnoop script:

this is due to line 154 in /usr/bin/opensnoop containing
inline string NAME = "'$pname'";
that produces a dtrace script with this quoting
inline string NAME = "foo' 'bar";
and the first single quote ends the dtrace invocation leaving its input script incomplete.
The quick patch is to replace line 154 with
inline string NAME = "'"$pname"'";

But I'm still getting this error message.

Can anybody help me? Or tell me another utility where I can show the app which is currently working with a specific file?

Best Answer

-n is only meant to be used with process names like sudo opensnoop -n System\ Preferences. To see what processes access a file, use sudo opensnoop -f /tmp/a\ b.txt.

The change mentioned in the blog post fixes -n but not -f. To fix both of them, edit /usr/bin/opensnoop and replace these lines:

inline string PATHNAME = "'$pathname'";
inline string NAME = "'$pname'";

With this:

inline string PATHNAME = "'"$pathname"'";
inline string NAME = "'"$pname"'";
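
The quoting difference between the two forms above, as an added example that is not part of the original question or answer. The helpers `show_args`, `count_args`, `broken_argc`, `fixed_argc` and `fixed_script` are hypothetical stand-ins for the dtrace invocation, and the process name is constructed sample input.

```shell
#!/bin/sh
# Stand-in for /usr/sbin/dtrace (hypothetical helper): prints each argument
# it receives in brackets, so shell word splitting becomes visible.
show_args() {
    for a in "$@"; do printf '[%s]\n' "$a"; done
}

# Stand-in that only reports how many arguments it was given.
count_args() { echo "$#"; }

# Original quoting from /usr/bin/opensnoop: the ' before $pname closes the
# single-quoted D script, $pname expands unquoted and is split on spaces.
broken_argc() {
    pname=$1
    count_args -n 'inline string NAME = "'$pname'";'
}

# Patched quoting: "$pname" expands inside shell double quotes, so the
# D script stays one argument.
fixed_argc() {
    pname=$1
    count_args -n 'inline string NAME = "'"$pname"'";'
}

# Returns the D line as the patched script would pass it on.
fixed_script() {
    pname=$1
    printf '%s' 'inline string NAME = "'"$pname"'";'
}

# Constructed sample input: a process name containing a space.
pname='System Preferences'
echo "original quoting:"
show_args -n 'inline string NAME = "'$pname'";'
echo "patched quoting:"
show_args -n 'inline string NAME = "'"$pname"'";'
```

The patch only addresses shell word splitting; a name that itself contains a double quote would still end the D string literal early.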