Hi ,
Can anyone tel me how to read the content of /usr/bin/rm file and pls tell me is it possible to edit that file???
Hi.
The file is a binary.:
# file /usr/bin/rm
/usr/bin/rm: ELF 32-bit MSB executable SPARC Version 1, dynamically linked, stripped
It would not be a good idea to edit it!
# strings /usr/bin/rm
SUNW_OST_OSCMD
frRi
usage: rm [-fiRr] file ...
getrlimit
rm of %s is not allowed
rm: %s is a directory
rm: remove %s (%s/%s)?
rm: %s: override protection %o (%s/%s)?
rm: %s not removed:
rm: examine files in directory %s (%s/%s)?
rm: cannot read directory %s:
rm: Insufficient memory.
%s/%s
rm: cannot read directory %s:
rm: cannot change to parent of directory %s:
rm: Cannot remove any directory in the path of the current working directory
rm: remove %s: (%s/%s)?
rm: Unable to remove directory %s:
rm: cannot determine if this is an ancestor of the current working directory
rm: Insufficient memory.
rm: Insufficient memory.
%s/%s
rm: strdup:
rm: cannot change to %s directory:
rm: cannot change to starting directory:
rm: cannot open starting directory:
rm: cannot stat current directory:
rm: Insufficient memory.
Hi,
thanks for immediat response... i too got that but not able to understand wat it says.. 
if possible pls explain it.
Hi.
Which bit don't you understand, why do you need to understand it, or care about it?
/usr/bin/rm: ELF 32-bit MSB executable SPARC Version 1, dynamically linked, stripped
I'm planning to make a recyclebin (to recover deleted files using fssnap, since im planning to do project on this for ma PG) i don know hw to proceed further. that script is very different and i'm new to Solaris, Having less experience. help me out.....
rm is a system command, you can't edit it, you should not try and edit it.
what you want to do is replace it with a new command that copies the file to a special "recycle bin" folder.
so...
recycle.sh:
#!/bin/sh
cp -p $1 /recycle/.
then we use an alias:
alias rm recycle.sh
the above is NOT a full solution, it is only a guide.
thanks...
i wil get back shortly with more doubts..
Replacing the rm command does only part of the job. It does not help if a compiled program deletes a file via system call. There are also shells (like ksh93) which have a builtin rm command,
It's the same like under Windows, where the recycle bin is a feature of the graphical shell, not the operating system. If you open a command window and delete a file, then it is gone and not in the recycle bin.
HI hergp...
thn hw to proceed further.. can u brife it... as said earlier i was planning to create an alias rm.
Can you elaborate, in which cases the recycle bin should work and in which not?
Creating an alias to your own shell script (as robsonde suggested) works only for scripts or interactive shells that use this alias -> all others ... no effect
Replacing /usr/bin/rm with a script to place the file in the recylce bin works for all scripts and interactive shells -> no effect on compiled programs or shells with builtin rm command. And I doubt that it is such a great idea to replace an operating system command.
Writing a kernel module which intercepts the unlink system call and places the files to be deleted in the recycle bin -> effect on the whole system, but extremly high sophisticated and with a lot of side effects.
So, what should it be?
If you are running Solaris 10 or newer, dtrace allows a userland implementation of such a kernel module:
#!/bin/ksh
[[ ! -d /var/tmp/trashcan ]] && pfexec mkdir /var/tmp/trashcan
export IFS="$(printf "\t")"
dtrace -qwn '
syscall::fsat:entry /arg0 == 5/ {
printf("%d\t%d\t%d\t%s\t%s\n", walltimestamp, pid, uid, cwd, copyinstr(arg2));
stop()
}
syscall::unlink:entry {
printf("%d\t%d\t%d\t%s\t%s\n", walltimestamp, pid, uid, cwd, copyinstr(arg2));
stop()
}' | while read walltimestamp pid uid cwd filename
do
save=/var/tmp/trashcan/$(basename $filename).$(date +%Y%m%d-%H%M%S)
cd $cwd
echo "$walltimestamp: $uid [$cwd] [$filename]" >> /var/tmp/trashcan/logs
cp "$filename" "$save"
prun $pid
done
File removal performance will be strongly impacted by this script. Moreover, beware of disk full situations that might quickly happen should you let it running forever.
2 Likes
Great use of dtrace, jlliagre! Thanks for the idea.
HI Jiliarge,
Could you pls explain the wat it does and wat should i do... still am a student in Solaris 
It does precisely what hergp suggested: "Writing a kernel module which intercepts the unlink system call and places the files to be deleted in the recycle bin".
The recycle bin is /var/tmp/trashcan. Every deleted file is placed there suffixed by its deletion date.
A log file, /var/tmp/trashcan/log, is telling who deleted what and when.
Jlliarge, thanks for quick reply, i got it... one more doubt how to implment it. whethre the above script will automatically does as u said while executing rm cmd??? or pls suggest how to proceed further....
You simply need to run it as root and it should just do what I described.
i saved it in the name trashcan.sh and changed the permission to 777. wen i run it nothing was happening and i tried running it in backgroud and tried deleting a file but i got the following error.
dtrace: error on enabled probe ID 2 (ID 53577: syscall::unlink:entry): invalid a ddress (0xa54a) in action #5 at DIF offset 28
Yes. That's a tricky intermittent issue with dtrace usually avoided by acting in the return clause instead of the entry one. The problem is if I wait for unlink to return, the file is gone and I can't save it ...
how to fix it
It's not a dtrace bug but a known and explained limitation. It should be done differently if you need a reliable solution.