Menu
For an application I'm writing, I want to know which all processes are accessing a particular file and dump that information into a Log file. In the end one of the processes will be deleting this file, I would want to know the Process name for that too.
I can use the INotify library to monitor the file access, but it does not give me the process name which is accessing the file. This might be possible using the Auditctl package on linux as well but I can't use this option as well :-(
Actually it is a controlled environment for some reasons the end customer is ready to run a program but not ready to install new packages or make changes to the existing utilities.
400
It is not possible to reliably audit directly attached file access in Linux from userspace alone.
You could poll with lsof but you would risk not detecting accesses between polling. The purpose of the original dnotify module (obsoleted by inotify...) was to avoid having to incur the overhead of polling and to avoid loosing events. The audit system gives user identification at the time of file open.
If you can move the file to an NFS server, then you can use the NFS logging to record access to the file.
The customer could be correct about not installing new packages if this is a production server or if it is a development server that is about to go live. You should consider asking for authorization to set up auditing on the next development or testing server.
130
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
