1 <?xml version="1.0" encoding="iso-8859-1"?>
2 <!DOCTYPE chapter PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
6 <firstname>Andrew</firstname><surname>Tridgell</surname>
8 <orgname>Samba Team</orgname>
13 <title>Tracing samba system calls</title>
16 This file describes how to do a system call trace on Samba to work out
17 what its doing wrong. This is not for the faint of heart, but if you
18 are reading this then you are probably desperate.
22 Actually its not as bad as the the above makes it sound, just don't
23 expect the output to be very pretty :-)
27 Ok, down to business. One of the big advantages of unix systems is
28 that they nearly all come with a system trace utility that allows you
29 to monitor all system calls that a program is making. This is
30 extremely using for debugging and also helps when trying to work out
31 why something is slower than you expect. You can use system tracing
32 without any special compilation options.
36 The system trace utility is called different things on different
37 systems. On Linux systems its called strace. Under SunOS 4 its called
38 trace. Under SVR4 style systems (including solaris) its called
39 truss. Under many BSD systems its called ktrace.
43 The first thing you should do is read the man page for your native
44 system call tracer. In the discussion below I'll assume its called
45 strace as strace is the only portable system tracer (its available for
46 free for many unix types) and its also got some of the nicest
51 Next, try using strace on some simple commands. For example, <command>strace
52 ls</command> or <command>strace echo hello</command>.
56 You'll notice that it produces a LOT of output. It is showing you the
57 arguments to every system call that the program makes and the
58 result. Very little happens in a program without a system call so you
59 get lots of output. You'll also find that it produces a lot of
60 "preamble" stuff showing the loading of shared libraries etc. Ignore
61 this (unless its going wrong!)
65 For example, the only line that really matters in the <command>strace echo
66 hello</command> output is:
69 <para><programlisting>
70 write(1, "hello\n", 6) = 6
71 </programlisting></para>
73 <para>all the rest is just setting up to run the program.</para>
76 Ok, now you're familiar with strace. To use it on Samba you need to
77 strace the running smbd daemon. The way I tend ot use it is to first
78 login from my Windows PC to the Samba server, then use smbstatus to
79 find which process ID that client is attached to, then as root I do
80 <command>strace -p PID</command> to attach to that process. I normally redirect the
81 stderr output from this command to a file for later perusal. For
82 example, if I'm using a csh style shell:
85 <para><command>strace -f -p 3872 >& strace.out</command></para>
87 <para>or with a sh style shell:</para>
89 <para><command>strace -f -p 3872 > strace.out 2>&1</command></para>
92 Note the "-f" option. This is only available on some systems, and
93 allows you to trace not just the current process, but any children it
94 forks. This is great for finding printing problems caused by the
95 "print command" being wrong.
99 Once you are attached you then can do whatever it is on the client
100 that is causing problems and you will capture all the system calls
105 So how do you interpret the results? Generally I search through the
106 output for strings that I know will appear when the problem
107 happens. For example, if I am having touble with permissions on a file
108 I would search for that files name in the strace output and look at
109 the surrounding lines. Another trick is to match up file descriptor
110 numbers and "follow" what happens to an open file until it is closed.
114 Beyond this you will have to use your initiative. To give you an idea
115 of what you are looking for here is a piece of strace output that
116 shows that <filename>/dev/null</filename> is not world writeable, which
117 causes printing to fail with Samba:
120 <para><programlisting>
121 [pid 28268] open("/dev/null", O_RDWR) = -1 EACCES (Permission denied)
122 [pid 28268] open("/dev/null", O_WRONLY) = -1 EACCES (Permission denied)
123 </programlisting></para>
126 The process is trying to first open <filename>/dev/null</filename> read-write
127 then read-only. Both fail. This means <filename>/dev/null</filename> has
128 incorrect permissions.