From 14818ae3e1f41a9266def200dcbd170ea6b51a3e Mon Sep 17 00:00:00 2001 From: Leah Neukirchen Date: Tue, 19 Jun 2018 17:03:59 +0200 Subject: add -u to print owner of process --- README | 6 ++++-- extrace.1 | 6 ++++-- extrace.c | 20 ++++++++++++++++++-- 3 files changed, 26 insertions(+), 6 deletions(-) diff --git a/README b/README index c030e9f..ca55be0 100644 --- a/README +++ b/README @@ -4,7 +4,7 @@ NAME extrace – trace exec() calls system-wide SYNOPSIS - extrace [-deflqt] [-o file] [-p pid | cmd ...] + extrace [-deflqtu] [-o file] [-p pid | cmd ...] DESCRIPTION extrace traces all program executions occurring on a system. @@ -25,6 +25,8 @@ DESCRIPTION -t Also display process exit status and duration. + -u Also display the user running the process. + -o file Redirect trace output to file. @@ -68,4 +70,4 @@ BUGS LICENSE extrace is licensed under the terms of the GPLv2. -Void Linux June 13, 2016 Void Linux +Void Linux June 19, 2018 Void Linux diff --git a/extrace.1 b/extrace.1 index d84050c..7cec42d 100644 --- a/extrace.1 +++ b/extrace.1 @@ -1,4 +1,4 @@ -.Dd June 13, 2016 +.Dd June 19, 2018 .Dt EXTRACE 1 .Os .Sh NAME @@ -6,7 +6,7 @@ .Nd trace exec() calls system-wide .Sh SYNOPSIS .Nm -.Op Fl deflqt +.Op Fl deflqtu .Op Fl o Ar file .Op Fl p Ar pid | cmd\ ... .Sh DESCRIPTION @@ -35,6 +35,8 @@ Suppress printing of arguments. .It Fl t Also display process exit status and duration. +.It Fl u +Also display the user running the process. .It Fl o Ar file Redirect trace output to .Ar file . diff --git a/extrace.c b/extrace.c index a1ec370..b7eb37e 100644 --- a/extrace.c +++ b/extrace.c @@ -3,7 +3,7 @@ * Requires CONFIG_CONNECTOR=y and CONFIG_PROC_EVENTS=y. * Requires root or "setcap cap_net_admin+ep extrace". * - * Usage: extrace [-deflq] [-o FILE] [-p PID|CMD...] + * Usage: extrace [-deflqu] [-o FILE] [-p PID|CMD...] * default: show all exec(), globally * -p PID only show exec() descendant of PID * CMD... run CMD... and only show exec() descendant of it 
@@ -13,6 +13,7 @@ * -f flat output: no indentation * -l print full path of argv[0] * -q don't print exec() arguments + * -u print user of process * * Copyright (C) 2014-2018 Leah Neukirchen * @@ -56,11 +57,13 @@ #include #include +#include #include #include #include #include +#include #include #include #include @@ -93,6 +96,7 @@ int show_args = 1; int show_cwd = 0; int show_env = 0; int show_exit = 0; +int show_user = 0; FILE *output; sig_atomic_t quit = 0; #define CPU_MAX 4096 @@ -350,6 +354,17 @@ handle_msg(struct cn_msg *cn_hdr) strncpy(pid_db[i].cmdline, cmdline, CMDLINE_DB_MAX-1); pid_db[i].cmdline[CMDLINE_DB_MAX-1] = 0; } + if (show_user) { + struct stat st; + struct passwd *p; + + if (fstat(proc_dir_fd, &st) < 0) + st.st_uid = -1; + if ((p = getpwuid(st.st_uid))) + fprintf(output," <%s>", p->pw_name); + else + fprintf(output," <%d>", st.st_uid); + } putc(' ', output); if (show_cwd) { print_shquoted(cwd); @@ -429,7 +444,7 @@ main(int argc, char *argv[]) output = stdout; - while ((opt = getopt(argc, argv, "+deflo:p:qtw")) != -1) + while ((opt = getopt(argc, argv, "+deflo:p:qtwu")) != -1) switch (opt) { case 'd': show_cwd = 1; break; case 'e': show_env = 1; break; @@ -446,6 +461,7 @@ main(int argc, char *argv[]) } break; case 'w': /* obsoleted, ignore */; break; + case 'u': show_user = 1; break; default: goto usage; } -- cgit 1.4.1
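Review bot: In the `show_user` block added to `handle_msg`, a failed `fstat()` is turned into `st.st_uid = -1`, and that sentinel is still passed to `getpwuid()` and printed with `%d`. Because `uid_t` is unsigned on Linux, the failure case relies on wraparound and any UID above INT_MAX prints as a negative number. I would print a placeholder on failure with `fputs(" <?>", output);`, make the lookup `else if ((p = getpwuid(st.st_uid)))`, and print the numeric fallback as `fprintf(output, " <%lu>", (unsigned long)st.st_uid);`. If `proc_dir_fd` refers to the process's /proc directory (it is opened outside this hunk), the owner reported is the effective UID at the moment of the `fstat()`, which is not necessarily the UID at exec time; a setuid program, or one that has already changed credentials, is attributed to that UID, so the "user running the process" wording in README and extrace.1 should say so for anyone reading the output as an audit trail. `handle_msg` starts and ends outside the hunk.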