strace Use Example - The Hidden Config File Lets suppose that we want to configure an application with a modified config file, only that we don't know the file's name. A-ha! we can strace it, filtering for 'open' syscall invocations: open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory) open("/opt/xmps/lib/i586/mmx/libldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) open("/opt/xmps/lib/i586/libldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) open("/opt/xmps/lib/mmx/libldap.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) [.. some messages snipped ..] open("/etc/pine.conf", O_RDONLY) = 3 open("/home/choo/.pinerc", O_RDONLY) = 3 open("/etc/pine.conf.fixed", O_RDONLY) = 3 [ .. more messages snipped ..] As you can see, 'pine' opens 3 suspicious files - /etc/pine.conf, /home/choo/.pinerc and /etc/pine.conf.fixed . We can probably assume that the order of opening them, is the order in which they override each other's contents.