Menu
I want to use the inotify mechanism on Linux. I want my application to know when a file aaa was changed. Can you please provide me with a sample how to do that?
483
With Inotify, anti-virus detectors re-scan the file system for modified files to detect if any malicious intrusions have occurred. This kind of applications use a user-space device through which Inotify events are triggered between the kernel and user-space applications.
DESCRIPTION top. The inotify API provides a mechanism for monitoring filesystem events. Inotify can be used to monitor individual files, or to monitor directories. When a directory is monitored, inotify will return events for the directory itself, and for files inside the directory.
As a conclusion of this article you should be aware of Inotify as an efficient way to trace events in the filesystem on Linux. Whereas polling introduces a delay in handling data the Inotify framework provides an option to handle, debug and monitor filesystem activities just as an event takes place.
That's due to the partitions on the key. However, sometimes inotify catches only the events for creation and deletion of the first folder, but misses the creation of the second.
The inotify C API
inotify provides three system calls to build file system monitors of all kinds:
inotify_init() creates an instance of the inotify subsystem in the kernel and returns a file descriptor on success and -1 on failure. Like other system calls, if inotify_init() fails, check errno for diagnostics.inotify_add_watch(), as its name implies, adds a watch. Each watch must provide a pathname and a list of pertinent events, where each event is specified by a constant, such as IN_MODIFY. To monitor more than one event, simply use the logical or — the pipe (|) operator in C—between each event. If inotify_add_watch() succeeds, the call returns a unique identifier for the registered watch; otherwise, it returns -1. Use the identifier to alter or remove the associated watch.inotify_rm_watch() removes a watch.The read() and close() system calls are also needed. Given the descriptor yielded by inotify_init(), call read() to wait for alerts. Assuming a typical file descriptor, the application blocks pending the receipt of events, which are expressed as data in the stream. The common close() on the file descriptor yielded from inotify_init() deletes and frees all active watches as well as all memory associated with the inotify instance. (The typical reference count caveat applies here, too. All file descriptors associated with an instance must be closed before the memory consumed by the watches and by inotify is freed.)
#include "inotify.h" #include "inotify-syscalls.h" int wd; wd = inotify_add_watch (fd, "/home/rlove/Desktop", IN_MODIFY | IN_CREATE | IN_DELETE); if (wd < 0) perror ("inotify_add_watch");
This example adds a watch on the directory /home/rlove/Desktop for any modifications, file creations or file deletions.
161
Below is a snippet of how you can use inotify to watch "aaa". Note that I haven't tested this, I haven't even compiled it! You will need to add error checking to it.
Instead of using a blocking read you can also use poll/select on inotfd.
const char *filename = "aaa"; int inotfd = inotify_init(); int watch_desc = inotify_add_watch(inotfd, filename, IN_MODIFY); size_t bufsiz = sizeof(struct inotify_event) + PATH_MAX + 1; struct inotify_event* event = malloc(bufsiz); /* wait for an event to occur */ read(inotfd, event, bufsiz); /* process event struct here */ If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
