{"id":21552,"date":"2014-09-04T13:00:00","date_gmt":"2014-09-04T18:00:00","guid":{"rendered":"http:\/\/blog.cpanel.net\/?p=21552"},"modified":"2014-09-04T13:00:00","modified_gmt":"2014-09-04T18:00:00","slug":"starting-with-strace","status":"publish","type":"post","link":"https:\/\/devel.www.cpanel.net\/blog\/tips-and-tricks\/starting-with-strace\/","title":{"rendered":"Starting with Strace"},"content":{"rendered":"<h2>What is strace?<\/h2>\n<p>Strace is a \u201csystem call trace\u201d program. It attaches to a process and tracks system calls and signals made to and from it (and possibly it\u2019s children). There are limitations to strace, some of which are detailed below. However, strace can be a very valuable tool for determining the root cause of many issues. This post only covers very basic usage of strace. The example used here can be done using jailshell.<\/p>\n<p><!--more--><\/p>\n<h3>What is a process?<\/h3>\n<p>For the purposes of this tutorial, a process is a unique instance of program being run, identified on the system by a unique process identifier (pid). For more information see <a href=\"http:\/\/www.linfo.org\/process.html\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/www.linfo.org\/process.html<\/a> and <a href=\"http:\/\/en.wikipedia.org\/wiki\/Process_identifier\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/en.wikipedia.org\/wiki\/Process_identifier<\/a><\/p>\n<h3>What is a system call?<\/h3>\n<p>A system call is how a program requests that the operating system kernel perform a task for it. There are quite a few \u201cnormal\u201d tasks that the operating system kernel does for programs regularly, including extremely common file operations like reading and writing. More information regarding system calls can be found at: <a href=\"http:\/\/en.wikipedia.org\/wiki\/System_call\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/en.wikipedia.org\/wiki\/System_call<\/a><\/p>\n<h3>What information can strace capture? Not capture?<\/h3>\n<p>Strace can tell you<\/p>\n<ul>\n<li>what files and network connections were opened, closed, or attempted<\/li>\n<li>what was read from and written to from said files and connections<\/li>\n<\/ul>\n<p>Strace cannot tell you what is happening inside the process. It is not a debugger and is not aware of the variables used inside the process.<\/p>\n<h3>What do I have to know before I can use strace?<\/h3>\n<p>Strace is a power tool in your troubleshooting bag. But it\u2019s not the most basic tool. General troubleshooting (checking log files, researching error messages, etc) should be done before attempting to solve a problem with strace. Before using strace, you\u2019ll need to be able to reliably reproduce the issue so that you can catch it with strace. You\u2019ll also need to determine what process to strace (covered later).<\/p>\n<h3>When am I not able to use strace?<\/h3>\n<p>In addition to there being times when strace will not be helpful, there are a few scenarios when you can not use strace. While most normal processes can be attached to by strace, there are some exceptions.<\/p>\n<p>You cannot attach to a process in these scenarios:<\/p>\n<ul>\n<li>when a debugger or other tracing program is already attached<\/li>\n<li>when you do not own the process, unless you are running the strace as root<\/li>\n<li>when the system has special protections preventing strace from being used to gather information<\/li>\n<\/ul>\n<h3>Resource considerations<\/h3>\n<p>Output files created by strace files do get very big very quickly, but more importantly are the numerous writes that strace output produces. This i\/o hit is not mitigated (and is frequently made worse) by outputting to the terminal instead of a file.<\/p>\n<h2>Before you start to strace<\/h2>\n<h3>Ensuring strace is installed<\/h3>\n<p>You can determine if strace is installed by typing:<\/p>\n<p><code>strace -V<\/code><\/p>\n<p>If strace is installed, you\u2019ll see something like: strace &#8212; version 4.5.19. If it\u2019s not installed, you\u2019ll see something like bash: strace: command not found. Install strace with:<\/p>\n<p><code>yum install strace<\/code><\/p>\n<p>This command does require root access, so if you do not have root, you will need to request that your web hosting provider install strace for you.<\/p>\n<h3>Finding the right process<\/h3>\n<p>The ps command is very useful if you need to attach strace to a long running existing process (like a backup that you think may have stalled). The important column is the PID column. It will frequently be either the first or second column, depending on which options you use.<\/p>\n<p>What output you can see with the ps command is greatly dependent on your permissions for the server. A user with jailshell will frequently see very little:<br \/><code><br \/>\ncptest@cptest.test [~]# ps uxfww<br \/>\nUSER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND<br \/>\ncptest 1 0.0 0.1 108300 1780 ? S 10:01 0:00 jailshell<br \/>\ncptest 10 0.0 0.1 110192 1036 ? R+ 10:02 0:00 ps wwwfux<br \/>\ncptest@cptest.test [~]#<br \/>\n<\/code><\/p>\n<p>\ufffcThe root user will see quite a bit more (part of the results from the command ps uxfww):<br \/>\ufffc<code><br \/>\nroot 1042 0.0 0.1 249088 1992 ? Sl Aug27 0:02 \/sbin\/rsyslogd -i \/var\/run\/syslogd.pid -c 5<br \/>\nroot 1120 0.0 0.0 4080 624 ? Ss Aug27 0:00 \/usr\/sbin\/acpid<br \/>\nroot 1192 0.0 0.1 66616 1220 ? Ss Aug27 0:00 \/usr\/sbin\/sshd<br \/>\nroot 10424 0.0 0.3 104484 4068 ? Ss 09:59 0:00 _ sshd: root@pts\/0<br \/>\nroot 10432 0.0 0.1 108296 1828 pts\/0 Ss 09:59 0:00 _ -bash<br \/>\nroot 10486 0.0 0.1 110340 1132 pts\/0 R+ 10:00 0:00 _ ps wwwfux<br \/>\nroot 1204 0.0 0.1 108296 1544 ? S Aug27 0:00 \/bin\/sh \/usr\/bin\/mysqld_safe --datadir=\/var\/lib\/mysql --pid-file=\/var\/lib\/mysql\/nt13188.product.cpanel.vm.pid<br \/>\nroot 1355 0.0 0.1 19608 1100 ? Ss Aug27 0:01 \/usr\/sbin\/dovecot<br \/>\nroot 1368 0.0 0.1 13444 1280 ? S Aug27 0:00 _ dovecot\/log<br \/>\nroot 1372 0.0 0.2 16428 2084 ? S Aug27 0:01 _ dovecot\/config<br \/>\nroot 1449 0.0 5.0 165480 51148 ? Ss Aug27 2:09 \/usr\/local\/cpanel\/3rdparty\/perl\/514\/bin\/spamd -d --allowed-ips=127.0.0.1 --pidfile=\/var\/run\/spamd.pid --max-children=3 --max-spare=1<br \/>\nroot 1557 0.0 4.8 165480 49116 ? S Aug27 0:00 _ spamd child<br \/>\nroot 1471 0.0 0.0 110316 948 ? Ss Aug27 0:00 \/usr\/sbin\/abrtd<br \/>\nroot 1483 0.0 0.5 73712 5176 ? Ss Aug27 0:33 \/usr\/local\/apache\/bin\/httpd -k start -DSSL<br \/>\n<\/code><\/p>\n<p>A jailshell user will not be able to see processes that it did not start in the terminal they are running ps from. This includes php processes and cPanel login sessions. A normal\/bash shell user will be able to see all their processes &#8211; and processes running as other users.<\/p>\n<p>If you are attaching strace as the process starts, you will not need to use ps to determine the pid. If you only have jail shell access, you will be limited to using strace on processes you can start yourself (from the jail shell).<\/p>\n<h2>Starting strace and basic options<\/h2>\n<p>There are two ways to attach a strace to a process: you can start the process with strace attached or you can attach strace to an already running process.<\/p>\n<h3>Strace a process start to finish<\/h3>\n<p>Staring a process with strace already attached means starting strace and having strace start the process. You tell strace you want it to start the process by adding the command you want to strace as the last argument of strace. This sounds complicated, but is easy. For example, if you wanted to strace the script .\/chdir.sh start to finish, you would use this command:<\/p>\n<p><code># strace .\/chdir.sh<\/code><\/p>\n<p>will print the strace output generated when running the shell script chdir.sh to the screen. Note that the command does run normally &#8211; any actions normally performed by the script being invoked will occur normally. Strace logs them, it does not stop them from occurring.<\/p>\n<h3>Attaching to an already running process: -p PID<\/h3>\n<p>If instead, you wish to attach to a long running process (like, say, a backup) you would use the similar command:<\/p>\n<p><code># strace -p 12345<\/code><\/p>\n<p>In this case, the orange text is the -p (pid) option followed by the target process\u2019s process ID. To detach from a strace, use Ctrl-D.<\/p>\n<h3>Saving strace output to a file: -o filename<\/h3>\n<p>In most cases, you\u2019ll want to save your strace output to a file. This is frequently faster than outputting to the terminal, and it gives you the opportunity to easily search the output using tools like grep. For example to save the output of the above command to a file called \u201cdebug.strace\u201d in the current directory, you would use the command:<\/p>\n<p><code># strace -o debug.strace -p 12345<\/code><\/p>\n<p>You can use any path that you have access to. The file does not need to already exist. If it does, strace will overwrite it. If you use a path you don\u2019t have access to, you\u2019ll get a Permission denied error and strace won\u2019t attach:<\/p>\n<p><code><br \/>\nmary@mary.test [~\/public_html]# strace -f -o \/root\/perl-quiet2.strace .\/open-silent.pl<br \/>\nstrace: can't fopen '\/root\/perl-quiet2.strace': Permission denied<br \/>\nmary@mary.test [~\/public_html]#<br \/>\n<\/code><\/p>\n<h3>Following forks: -f and -ff<\/h3>\n<p>Many processes create child processes to handle some of the work, and you will almost certainly need to tell strace to log them as well. This is recursive &#8211; if the child process creates a child, that \u201cgrandchild\u201d will also be included in the strace. This is called \u201cfollowing forks\u201d, and there are two ways to do so with strace. You can have strace merge all the output together with -f, or you can use -ff with -o and have strace write one file for each process (-ff).<\/p>\n<h3>Targeting in time: -t, -tt, -ttt, -T<\/h3>\n<p>Timestamps are extremely useful. You may need to order events in a strace file and a log file or want to know how long a system call took. The four \u201ct\u201d options of strace can help with this:<\/p>\n<p><strong>switch<\/strong><strong>what it does<\/strong><strong>example<\/strong><\/p>\n<table>\n<thead><\/thead>\n<tbody>\n<tr>\n<td>-t<\/td>\n<td>add a timestamp to each line<\/td>\n<td>12:39:18 brk(0) = 0x8da000<\/td>\n<\/tr>\n<tr>\n<td>-tt<\/td>\n<td>add a timestamp with microseconds<\/td>\n<td>12:39:34.601873 brk(0) = 0x18cc000<\/td>\n<\/tr>\n<tr>\n<td>-ttt<\/td>\n<td>add a timestamp with microseconds and the number of seconds since the epoch<\/td>\n<td>1401557981.377712 brk(0) = 0x1509000<\/td>\n<\/tr>\n<tr>\n<td>-T<\/td>\n<td>add the time spent in the system call<\/td>\n<td><em>using both -ttt and -T:<\/em> 1401558007.457779 brk(0) = 0x1d59000 &lt;0.000012&gt;<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3>Verbosity and string size: -v and -s<\/h3>\n<p>Neither of these options is used in the example, but they are worth mentioning because they can be very useful.<\/p>\n<p>The string size option (-s) lets you change how much of a string being read or written is shown in the strace output. The default string length is 32. There are a few things to note:<\/p>\n<ul>\n<li>Filenames are not considered strings and are always printed in full<\/li>\n<li>strace will still tell you how long the string was, even if it doesn\u2019t show you the whole thing<\/li>\n<li>string length is not quite the same as the number of characters (because string length includes control characters like the newline and some UTF-8 characters are more than 1 unit long by strace&#8217;s counting method)<\/li>\n<\/ul>\n<p>The -v (verbose) switch tells strace to print the more information about environment for many calls. This is very noticeable on the &#8220;stat&#8221; call. For instance, the first line of a strace without the verbose option looks like this:<br \/><code>1489 execve(\".\/open-silent.pl\", [\".\/open-silent.pl\"], [\/* 31 vars *\/]) = 0<\/code><br \/>with the verbose option, I see:<br \/><code>execve(\".\/open-silent.pl\", [\".\/open-silent.pl\"], [\"HOSTNAME=nt12199.product.cpanel.\"..., \"TERM=xterm-256color\", \"SHELL=\/bin\/bash\", \"HISTSIZE=1000\", \"SSH_CLIENT=10.1.7.152 56078 22\", \"PERL5LIB=\/home\/mary\/perl5\/lib\/pe\"..., \"OLDPWD=\/home\/mary\", \"PERL_MB_OPT=--install_base \"\/hom\"..., \"SSH_TTY=\/dev\/pts\/0\", \"USER=mary\", \"LS_COLORS=rs=0:di=01;34:ln=01;36\"..., \"MAIL=\/var\/spool\/mail\/mary\", \"PATH=\/usr\/local\/jdk\/bin:\/home\/ma\"..., \"PWD=\/home\/mary\/public_html\", \"JAVA_HOME=\/usr\/local\/jdk\", \"EDITOR=pico\", \"LANG=en_US.UTF-8\", \"HISTCONTROL=ignoredups\", \"SHLVL=1\", \"HOME=\/home\/mary\", \"LS_OPTIONS=--color=tty -F -a -b \"..., \"PERL_LOCAL_LIB_ROOT=\/home\/mary\/p\"..., \"LOGNAME=mary\", \"VISUAL=pico\", \"CVS_RSH=ssh\", \"CLASSPATH=.:\/usr\/local\/jdk\/lib\/c\"..., \"SSH_CONNECTION=10.1.7.152 56078 \"..., \"LESSOPEN=|\/usr\/bin\/lesspipe.sh %\"..., \"PERL_MM_OPT=INSTALL_BASE=\/home\/m\"..., \"G_BROKEN_FILENAMES=1\", \"_=\/usr\/bin\/strace\"]) = 0<\/code><\/p>\n<h2>Reading strace output<\/h2>\n<p>Using strace to document the activity of a very simple script like this one:<br \/><code><br \/>\n#!\/bin\/bash<br \/>\ncd \/home\/<br \/>\n<\/code><br \/>produces a 6.3K file when using a invoking strace with this command:<br \/><code>strace -o changedir .\/chdir.sh <\/code><\/p>\n<p>The script is functionally useless, but stracing it does produce some output for us to examine. Please do try this at home; it\u2019s the best way to learn. \ud83d\ude42 When you do, you\u2019ll see that the first line in the strace is:<\/p>\n<p><code>execve(\".\/chdir.sh\", [\".\/chdir.sh\"], [\/* 22 vars *\/]) = 0<\/code><\/p>\n<p>You\u2019ll see a line similar to this (with the execve call) when you start strace with a command. You will not see it if you attach strace to an already running process. The majority of the file contains information that we don\u2019t care about as beginners, but there are a few items of interest. \ud83d\ude42<\/p>\n<h3>File Handles<\/h3>\n<p>The second line of interest is:<\/p>\n<p><code>open(\".\/chdir.sh\", O_RDONLY) = 3<\/code><\/p>\n<p>This is the operating system opening the script we\u2019re running. It\u2019s using the open system call to open the file .\/chdir.sh in readonly mode. It\u2019s assigned it file handle #3. After it opens the file, it reads it. Strace does not give you the name of the file ever again &#8211; it only tells you what file handle it\u2019s reading from:<\/p>\n<p><code>read(3, \"#!\/bin\/bashnncd \/home\/nn\", 80) = 24<\/code><\/p>\n<p>The above line tells you that the system read 24 bytes from file handle #3. It even helpfully tells you the content of those 24 bytes, because it\u2019s short. Normally the entire amount read by the system will not be included in the strace &#8211; only the first small amount.<\/p>\n<p>To determine what that file is, you have to scroll up and see what the last file that was opened successfully with that file handle. Linux does reuse file handles, so it\u2019s not uncommon to see something like:<\/p>\n<p><code><br \/>\nopen(\".\/chdir.sh\", O_RDONLY) = 3<br \/>\nread(3, \"#!\/bin\/bashnncd \/home\/nn\", 80) = 24<br \/>\nclose(3)<br \/>\nopen(\".\/read.sh\", O_RDONLY) = 3<br \/>\nioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffbfda78c0) = -1 ENOTTY (Inappropriate ioctl for device)<br \/>\n<\/code><\/p>\n<p>In this case, the error is not important &#8211; the kernel is simply telling the program that the file .\/read.sh is not a terminal. You will see this frequently in strace output and can ignore it. The important detail to remember here is that file handles are re-used, and it\u2019s important to read up from the line your interested in to find what file is currently being referenced by the file handle.<\/p>\n<h3>File handles 1 and 2<\/h3>\n<p>File handles 1 and 2 are special. File handle 1 is standard input and file handle 2 is standard output. Standard error is another special file handle that, if used, frequently takes up file handle 3. A tutorial on standard input, output, and error can be found at: <a href=\"http:\/\/www.linfo.org\/stdio.html\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/www.linfo.org\/stdio.html<\/a>.<\/p>\n<h3>Manual pages (getting more info)<\/h3>\n<p>The linux manual pages are divided into sections. Section 2 is for system calls, like the ones you will see in strace output. Each system call has it\u2019s own manual page that includes all the things that are allowed to go as arguments (between the parentheses) and all the return values (things that can appear after the \u201c=\u201d sign).<\/p>\n<p>At this stage, the manual page is mostly useful for looking up things that appear in the strace output. For instance, an example used later will contain the following output:<\/p>\n<p><code>open(\".\/chdir.sh\", O_RDONLY) = 3<\/code><\/p>\n<p>If you want to know what O_RDONLY means, you can either search the web for \u201cman open linux\u201d and use your browsers \u201cfind on page\u201d function to find the information regarding O_RDONLY or you can use man 2 open and (by default) the \u201c\/\u201d key to search inside the manpage. The first instance of O_RDONLY on the page says:<\/p>\n<blockquote>\n<p>The argument flags must include one of the following access modes: O_RDONLY, O_WRONLY, or O_RDWR. These request opening the file read-only, write-only, or read\/write, respectively.<\/p>\n<\/blockquote>\n<p>We now know that the file was opened read only. Lets say that instead of the above, output, we saw:<\/p>\n<p><code>open(\".\/chdir.sh\", O_RDONLY) = EACCES<\/code><\/p>\n<p>We then search on the manual page for EACCES and find:<\/p>\n<blockquote>\n<p>The requested access to the file is not allowed, or search permission is denied for one of the directories in the path prefix of pathname, or the file did not exist yet and write access to the parent directory is not allowed. (See also path_resolution(7).<\/p>\n<\/blockquote>\n<p>This is a little verbose, but it basically says that this is an access error &#8211; like permission denied.<\/p>\n<h2>Example: Permission Issues<\/h2>\n<p>Permission issues are very common on linux servers, and can sometimes be hard to track down. Strace can be a helpful tool for many permissions issues. With cPanel, you\u2019ll be using strace on a lot of perl scripts. It\u2019s also likely that there will be multiple errors in one script. This example shows two permissions and a missing file issue.<\/p>\n<ol>\n<li>Create a file in your working directory called \u201copen-warn.pl\u201d and copy the contents below into it. Ensure that it is set to be executable (chmod +x open-warn.pl)<\/li>\n<li>Create a file called \u201ctest-read\u201d that contains a short string, like \u201cThis is a test file\u201d, and ensure that it has 0 permissions.<\/li>\n<li>Create a directory called \u201ccontent\u201d, and copy the test-read file into it.<\/li>\n<li>Ensure that the content folder has 0 permissions, and that the test-read file inside the content folder it is set to 644.<\/li>\n<li>Ensure that there is no file named \u201ctest-read-missing\u201d in the working directory.<\/li>\n<li>Run strace on open-warn.pl, following forks and outputting to the file perl-test.strace<\/li>\n<\/ol>\n<p>The file for step 1:<br \/><code><br \/>\n[~\/public_html]# cat open-warn.pl<br \/>\n#!\/usr\/bin\/perl<\/code><\/p>\n<p>print &#8220;Testing bad file permissionsn&#8221;;<br \/>$filename = &#8220;test-read&#8221;;<br \/>open( FILE, &#8220;&lt; $filename&#8221; ) or warn &#8220;Can&#8217;t open $filename : $!&#8221;;<br \/>close FILE;<\/p>\n<p>print &#8220;Testing bad folder permissionsn&#8221;;<br \/>$filename = &#8220;content\/test-read&#8221;;<br \/>open( FILE, &#8220;&lt; $filename&#8221; ) or warn &#8220;Can&#8217;t open $filename : $!&#8221;;<br \/>close FILE;<\/p>\n<p>print &#8220;Testing missing filen&#8221;;<br \/>$filename = &#8220;test-read-missing&#8221;;<br \/>open( FILE, &#8220;&lt; $filename&#8221; ) or warn &#8220;Can&#8217;t open $filename : $!&#8221;;<br \/>close FILE;<\/p>\n<p>The \u201cn\u201d at the end of each print statement tells perl to insert a newline. It also tells perl to flush the print buffer (print right now). Without them, all the error messages would print above all the print statements. (Go ahead and try it)<\/p>\n<p>The output from step 5:<br \/><code><br \/>\n[~\/public_html]# strace -f -o perl-test.strace .\/open-warn.pl<br \/>\nTesting bad file permissions<br \/>\nCan't open test-read : Permission denied at .\/open-warn.pl line 5.<br \/>\nTesting bad folder permissions<br \/>\nCan't open content\/test-read : Permission denied at .\/open-warn.pl line 10.<br \/>\nTesting missing file<br \/>\nCan't open test-read-missing : No such file or directory at .\/open-warn.pl line 15.<br \/>\n[~\/public_html]#<br \/>\n<\/code><\/p>\n<p>So we have two \u201cPermission Denied\u201d and one \u201cNo such file\u201d error. We can grep for either EACCES or \u201cPermission denied\u201d in the strace and find the errors quickly and easily:<\/p>\n<p><code><br \/>\n[~\/public_html]# grep EACCES ..\/perl-test.strace<br \/>\n8817 open(\"test-read\", O_RDONLY) = -1 EACCES (Permission denied)<br \/>\n8817 open(\"content\/test-read\", O_RDONLY) = -1 EACCES (Permission denied)<br \/>\n<\/code><\/p>\n<p>When we grep for ENOENT or \u201cNo such file\u201d, however, we get quite a few more. Below I have two examples of pulling out some of the lines I know I don\u2019t need. Unfortunately, determining what you can safely exclude is highly context dependent.<\/p>\n<p><code><br \/>\n[~\/public_html]# grep ENOENT ..\/perl-test.strace | grep -v \"\/usr\/\"<br \/>\n8817 access(\"\/etc\/ld.so.preload\", R_OK) = -1 ENOENT (No such file or directory)<br \/>\n8817 stat(\"\/home\/mary\/perl5\/lib\/perl5\/5.10.1\/x86_64-linux-thread-multi\", 0x7fff625b1400) = -1 ENOENT (No such file or directory)<br \/>\n8817 stat(\"\/home\/mary\/perl5\/lib\/perl5\/5.10.1\", 0x7fff625b1400) = -1 ENOENT (No such file or directory)<br \/>\n8817 stat(\"\/home\/mary\/perl5\/lib\/perl5\/x86_64-linux-thread-multi\", 0x7fff625b1400) = -1 ENOENT (No such file or directory)<br \/>\n8817 stat(\"\/home\/mary\/perl5\/lib\/perl5\/5.10.0\", 0x7fff625b1400) = -1 ENOENT (No such file or directory)<br \/>\n8817 open(\"test-read-missing\", O_RDONLY) = -1 ENOENT (No such file or directory)<br \/>\n<\/code><br \/>or<br \/><code><br \/>\n[~\/public_html]# grep ENOENT ..\/perl-test.strace | grep -v \"perl5\"<br \/>\n8817 access(\"\/etc\/ld.so.preload\", R_OK) = -1 ENOENT (No such file or directory)<br \/>\n8817 open(\"\/usr\/share\/locale\/en_US.UTF-8\/LC_MESSAGES\/libc.mo\", O_RDONLY) = -1 ENOENT (No such file or directory)<br \/>\n8817 open(\"\/usr\/share\/locale\/en_US.utf8\/LC_MESSAGES\/libc.mo\", O_RDONLY) = -1 ENOENT (No such file or directory)<br \/>\n8817 open(\"\/usr\/share\/locale\/en_US\/LC_MESSAGES\/libc.mo\", O_RDONLY) = -1 ENOENT (No such file or directory)<br \/>\n8817 open(\"\/usr\/share\/locale\/en.UTF-8\/LC_MESSAGES\/libc.mo\", O_RDONLY) = -1 ENOENT (No such file or directory)<br \/>\n8817 open(\"\/usr\/share\/locale\/en.utf8\/LC_MESSAGES\/libc.mo\", O_RDONLY) = -1 ENOENT (No such file or directory)<br \/>\n8817 open(\"\/usr\/share\/locale\/en\/LC_MESSAGES\/libc.mo\", O_RDONLY) = -1 ENOENT (No such file or directory)<br \/>\n8817 open(\"test-read-missing\", O_RDONLY) = -1 ENOENT (No such file or directory)<br \/>\n<\/code><\/p>\n<p>Either way, it\u2019s the last line that gives us what we\u2019re looking for.<\/p>\n<p>Now, this was a little easy &#8211; we knew what to look for because the error message told us. Most of the time, you\u2019ll be using strace because the error messages are not so helpful. Lets modify our open-warn.pl program and call it open-silent.pl:<br \/><code><br \/>\n[~\/public_html]# cat open-silent.pl<br \/>\n#!\/usr\/bin\/perl<\/code><\/p>\n<p>print &#8220;Testing bad file permissions&#8221;;<br \/>$filename = &#8220;test-read&#8221;;<br \/>open( FILE, &#8220;&lt; $filename&#8221; ) or warn &#8220;Can&#8217;t open an important file&#8221;;<br \/>close FILE;<\/p>\n<p>print &#8220;Testing bad folder permissions&#8221;;<br \/>$filename = &#8220;content\/test-read&#8221;;<br \/>open( FILE, &#8220;&lt; $filename&#8221; ) or warn &#8220;Can&#8217;t open an important file&#8221;;<br \/>close FILE;<\/p>\n<p>print &#8220;Testing missing file&#8221;;<br \/>$filename = &#8220;test-read-missing&#8221;;<br \/>open( FILE, &#8220;&lt; $filename&#8221; ) or warn &#8220;Can&#8217;t open an important file&#8221;;<br \/>close FILE;<\/p>\n<p>Now when we run strace we get output like this:<br \/><code><br \/>\n[~\/public_html]# strace -f -o perl-quiet.strace .\/open-silent.pl<br \/>\nCan't open an important file at .\/open-silent.pl line 5.<br \/>\nCan't open an important file at .\/open-silent.pl line 10.<br \/>\nCan't open an important file at .\/open-silent.pl line 15.<br \/>\nTesting bad file permissionsTesting bad folder permissionsTesting missing [~\/public_html]#<br \/>\n<\/code><\/p>\n<p>Now, it still gives you some hints &#8211; like the line number. But every single one of those lines reads:<br \/><code> open( FILE, \"&lt; $filename\" ) or warn \"Can't open an important file\";<\/code><\/p>\n<p>If the program was long and complicated, we\u2019d have no way of knowing if it was the same file that was being attempted multiple times or if there were multiple files. Now the strace file tells us something useful. I would start by checking for permission errors, since they are the most common reason that a file can\u2019t be opened:<br \/><code><br \/>\n[~\/public_html]# grep EACCES perl-quiet.strace<br \/>\n1489 open(\"test-read\", O_RDONLY) = -1 EACCES (Permission denied)<br \/>\n1489 open(\"content\/test-read\", O_RDONLY) = -1 EACCES (Permission denied)<br \/>\n<\/code><\/p>\n<p>That gives us two of our three errors. Honestly, if I were debugging for real, at this point I would just check all the permissions on public_html and it\u2019s subfolders and files. Because permission issues usually come in large batches on a webserver. \ud83d\ude42<\/p>\n<p>Once I\u2019ve fixed the permission issues on test-read and content, I can run strace again. Now I only have one error message. I\u2019m going to check for permission issues again, because sometimes when you fix one permission issue (especially on a directory) it uncovers more permission issues. Unfortunately for me, there are no more permission issues:<\/p>\n<p><code><br \/>\n[~\/public_html]# grep EACCES perl-quiet2.strace<br \/>\n[~\/public_html]#<br \/>\n<\/code><\/p>\n<p>So now I have to think of what else might cause a file not to be opened. Maybe the file just isn\u2019t there. So I grep for ENOENT and man there\u2019s a lot of output. I always start at the bottom &#8211; especially if the error stops the program from running to completion. In this case, the last line is:<\/p>\n<p><code>1595 open(\"test-read-missing\", O_RDONLY) = -1 ENOENT (No such file or directory)<\/code><\/p>\n<p>Now I know that a program related file is missing. Depending on what my actual application is depends on how I fix this. In this case, I\u2019m just going to touch the file to create it. Now when I run the script (.\/open-silent.pl) it does not output any error messages. \ud83d\ude42<\/p>\n\n\n<h2 class=\"wp-block-heading\"><\/h2>\n","protected":false},"excerpt":{"rendered":"<p>What is strace? Strace is a \u201csystem call trace\u201d program. It attaches to a process and tracks system calls and signals made to and from it (and possibly it\u2019s children). There are limitations to strace, some of which are detailed below. However, strace can be a very valuable tool for determining the root cause of [&hellip;]<\/p>\n","protected":false},"author":77,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[61],"tags":[],"class_list":["post-21552","post","type-post","status-publish","format-standard","hentry","category-tips-and-tricks"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Starting with Strace | cPanel<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/devel.www.cpanel.net\/blog\/tips-and-tricks\/starting-with-strace\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Starting with Strace | cPanel\" \/>\n<meta property=\"og:description\" content=\"What is strace? Strace is a \u201csystem call trace\u201d program. It attaches to a process and tracks system calls and signals made to and from it (and possibly it\u2019s children). There are limitations to strace, some of which are detailed below. However, strace can be a very valuable tool for determining the root cause of [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/devel.www.cpanel.net\/blog\/tips-and-tricks\/starting-with-strace\/\" \/>\n<meta property=\"og:site_name\" content=\"cPanel\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cpanel\/\" \/>\n<meta property=\"article:published_time\" content=\"2014-09-04T18:00:00+00:00\" \/>\n<meta name=\"author\" content=\"cPanel Community\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@cPanel\" \/>\n<meta name=\"twitter:site\" content=\"@cPanel\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"cPanel Community\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"19 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/devel.www.cpanel.net\/blog\/tips-and-tricks\/starting-with-strace\/\",\"url\":\"https:\/\/devel.www.cpanel.net\/blog\/tips-and-tricks\/starting-with-strace\/\",\"name\":\"Starting with Strace | cPanel\",\"isPartOf\":{\"@id\":\"https:\/\/devel.www.cpanel.net\/#website\"},\"datePublished\":\"2014-09-04T18:00:00+00:00\",\"dateModified\":\"2014-09-04T18:00:00+00:00\",\"author\":{\"@id\":\"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/8cf97408aad4fb70cf55d11a1d4f57f8\"},\"breadcrumb\":{\"@id\":\"https:\/\/devel.www.cpanel.net\/blog\/tips-and-tricks\/starting-with-strace\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/devel.www.cpanel.net\/blog\/tips-and-tricks\/starting-with-strace\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/devel.www.cpanel.net\/blog\/tips-and-tricks\/starting-with-strace\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/devel.www.cpanel.net\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Starting with Strace\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/devel.www.cpanel.net\/#website\",\"url\":\"https:\/\/devel.www.cpanel.net\/\",\"name\":\"cPanel\",\"description\":\"Hosting Platform of Choices\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/devel.www.cpanel.net\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/8cf97408aad4fb70cf55d11a1d4f57f8\",\"name\":\"cPanel Community\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e1949945083b5526bb95711bd3d616b3?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e1949945083b5526bb95711bd3d616b3?s=96&d=mm&r=g\",\"caption\":\"cPanel Community\"},\"description\":\"The web hosting industry's most reliable management solution since 1997. With our first-class support and rich feature set, it's easy to see why our customers and partners make cPanel &amp; WHM their hosting platform of choice. For more information, visit cPanel.net.\",\"sameAs\":[\"https:\/\/cpanel.net\"],\"url\":\"https:\/\/devel.www.cpanel.net\/blog\/author\/cpadmin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Starting with Strace | cPanel","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/devel.www.cpanel.net\/blog\/tips-and-tricks\/starting-with-strace\/","og_locale":"en_US","og_type":"article","og_title":"Starting with Strace | cPanel","og_description":"What is strace? Strace is a \u201csystem call trace\u201d program. It attaches to a process and tracks system calls and signals made to and from it (and possibly it\u2019s children). There are limitations to strace, some of which are detailed below. However, strace can be a very valuable tool for determining the root cause of [&hellip;]","og_url":"https:\/\/devel.www.cpanel.net\/blog\/tips-and-tricks\/starting-with-strace\/","og_site_name":"cPanel","article_publisher":"https:\/\/www.facebook.com\/cpanel\/","article_published_time":"2014-09-04T18:00:00+00:00","author":"cPanel Community","twitter_card":"summary_large_image","twitter_creator":"@cPanel","twitter_site":"@cPanel","twitter_misc":{"Written by":"cPanel Community","Est. reading time":"19 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/devel.www.cpanel.net\/blog\/tips-and-tricks\/starting-with-strace\/","url":"https:\/\/devel.www.cpanel.net\/blog\/tips-and-tricks\/starting-with-strace\/","name":"Starting with Strace | cPanel","isPartOf":{"@id":"https:\/\/devel.www.cpanel.net\/#website"},"datePublished":"2014-09-04T18:00:00+00:00","dateModified":"2014-09-04T18:00:00+00:00","author":{"@id":"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/8cf97408aad4fb70cf55d11a1d4f57f8"},"breadcrumb":{"@id":"https:\/\/devel.www.cpanel.net\/blog\/tips-and-tricks\/starting-with-strace\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/devel.www.cpanel.net\/blog\/tips-and-tricks\/starting-with-strace\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/devel.www.cpanel.net\/blog\/tips-and-tricks\/starting-with-strace\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/devel.www.cpanel.net\/"},{"@type":"ListItem","position":2,"name":"Starting with Strace"}]},{"@type":"WebSite","@id":"https:\/\/devel.www.cpanel.net\/#website","url":"https:\/\/devel.www.cpanel.net\/","name":"cPanel","description":"Hosting Platform of Choices","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/devel.www.cpanel.net\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/8cf97408aad4fb70cf55d11a1d4f57f8","name":"cPanel Community","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e1949945083b5526bb95711bd3d616b3?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e1949945083b5526bb95711bd3d616b3?s=96&d=mm&r=g","caption":"cPanel Community"},"description":"The web hosting industry's most reliable management solution since 1997. With our first-class support and rich feature set, it's easy to see why our customers and partners make cPanel &amp; WHM their hosting platform of choice. For more information, visit cPanel.net.","sameAs":["https:\/\/cpanel.net"],"url":"https:\/\/devel.www.cpanel.net\/blog\/author\/cpadmin\/"}]}},"_links":{"self":[{"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/posts\/21552"}],"collection":[{"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/users\/77"}],"replies":[{"embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/comments?post=21552"}],"version-history":[{"count":0,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/posts\/21552\/revisions"}],"wp:attachment":[{"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/media?parent=21552"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/categories?post=21552"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/tags?post=21552"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}