how to tell what ran what

Aaron Peterson lloyd.peterson at
Wed Feb 15 13:32:38 PST 2006

On 2/15/06, Glenn McCalley <techlist at> wrote:
> ----- Original Message -----
> From: "Björn König" <bkoenig at>
> To: "Glenn McCalley" <techlist at>
> Cc: <freebsd-questions at>
> Sent: Wednesday, February 15, 2006 11:13 AM
> Subject: Re: how to tell what ran what
> > Glenn McCalley schrieb:
> >
> > > Is there a way to find out -which- -process- calls another process?
> >
> > Each process is associated with a parent; look at the ppid column:
> >
> >    ps axo user,pid,ppid,command
> >
> > Björn
> >
> >
> Thanks, I stated the question poorly.  My fault.
> Is historical info available and is it available by file name?
> I trying to find out (for example) what (unknown) program ran another
> (known) program between 0900 and 1000 yesterday - something like that.
> I've got a customer sending our emails that he shouldn't - I don't know
> which customer it is.  The program that sends the mail is running as a cgi
> so it all shows up as user "nobody".
> If I can get a list of what programs, path and file name, called sendmail
> over (say) the last 24 hours, one of them should jump off the page with an
> unreasonable level of activitiy.
> Thanks!
> Glenn.

Perhaps I'm missing something, but if a script is being called via CGI
it would need to be called by a process running as user "nobody" in
your case (like a web server).  In which case, you probably will never
know who called it, but you might get their IP address from the web
server access logs as has already been mentioned...  If you have a
server with multiple accounts for say, shared web hosting, you should
definitely grep through their scripts for something like "mail" to
look for the person who installed scripts with mailing functions... 
anyhow, wish you luck :-)


More information about the freebsd-questions mailing list