Re: watching a file for ownership change
From: Bruce M Simpson (bms_at_spc.org)
Date: 05/22/05
- Previous message: Seán C. Farley: "Re: Porting on FreeBSD 53"
- In reply to: Charles Sprickman: "watching a file for ownership change"
- Next in thread: Marco Molteni: "Re: watching a file for ownership change"
- Reply: Marco Molteni: "Re: watching a file for ownership change"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Sun, 22 May 2005 04:05:50 +0100 To: Charles Sprickman <spork@fasttrackmonkey.com>
On Sat, May 21, 2005 at 10:38:30PM -0400, Charles Sprickman wrote:
> I'd like to find a way to watch one of the user's maildirsize files that
> seems to flip ownerships at least once a day and try to determine what
> process is changing the ownership.
> How can I do that without dropping a bunch of daemons on a production
> machine into heavy-debug mode? OS is 4.8 with all current patches.
You could try watching kevent() on the file for EVFILT_VNODE with NOTE_ATTRIB.
You'd need to write a small C program to do this.
Whilst this won't tell you who did what, it could give you sufficiently
good timestamps from it happening to begin tracking the culprit down further,
perhaps using lsof.
BMS
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
- Previous message: Seán C. Farley: "Re: Porting on FreeBSD 53"
- In reply to: Charles Sprickman: "watching a file for ownership change"
- Next in thread: Marco Molteni: "Re: watching a file for ownership change"
- Reply: Marco Molteni: "Re: watching a file for ownership change"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
