See how a program talks to the kernel and fix crashes, permission errors and I/O surprises. 07.05.2026 | reading time: 2 min strace records the system calls and signals a process issues so the admin can see exactly what the kernel sees; use it to find missing files, permission denials, failed execs and unexpected I/O patterns. Quick reproduction to inspect a permission error A service fails with "Permission denied" while opening a config file; run strace to find the exact path and failure: ```strace -o /tmp/trace.txt -f -e trace=openat,execve -s 256 ./myapp``` then examine the trace: ```execve("./myapp", ["./myapp"], 0x7ffd7...) = 0 openat(AT_FDCWD, "/etc/myapp.conf", O_RDONLY) = -1 EACCES (Permission denied) openat(AT_FDCWD, "/home/user/.myapprc", O_RDONLY) = 3 ``` and fix permissions or relocate the file. Common switches that matter Use `-f` to follow forks, `-o file` to write output for later inspection, `-e trace=` to filter syscall classes and `-s` to increase string capture length; combine `-p PID` to attach to a running process and `-c` to get a syscall summary with counts and timings. When strace changes behavior Because strace attaches with the ptrace facility it can alter timing and memory layout; it is ideal for deterministic bugs and permission checks but be cautious when tracing race conditions or real-time applications. Related tooling in practice For library calls or function-level traces use ltrace; for performance hotspots combine strace findings with perf; and for auditing on production systems consider auditd to collect syscall-based rules without interactive attachment. Use the outputs: grep error strings, count repeated failures with `-c`, and correlate timestamps with system logs to turn a noisy trace into a concise remediation plan. Join Bits & Bytes Academy First class LINUX exam preparation. troubleshooting processes security utilities scripting
