How to find what all files are accessed by an application or vice versa

"Opensnoop" command helps in file system monitoring activities ex if we want to know what all files are accessed by an application or which all processes access a particular file then opensnoop will help you in that activity.

Ex 1:

Let us say if we want to know what all files are accessed by firefox in its operation time on mac os x then run opensnoop in sudo or root mode as below

sudo opensnoop -n firefox 


Note : We can even supply the process id (PID) of an application in place of the application name above by using the -p switch as "sudo opensnoop -p "

Ex 2 :

Let us say if we want to know what all process/applications are accessing a particular file then run the opensnoop command as

sudo opensnoop -f  /Users/user/Documents/Test.txt

Popular posts from this blog

How to disable USB ports on Mac OS X Mavericks, Yosemite or El Capitan ?