watching a file for ownership change
Bruce M Simpson
bms at spc.org
Mon May 23 19:33:15 GMT 2005
On Sat, May 21, 2005 at 10:38:30PM -0400, Charles Sprickman wrote:
> I'd like to find a way to watch one of the user's maildirsize files that
> seems to flip ownerships at least once a day and try to determine what
> process is changing the ownership.
> How can I do that without dropping a bunch of daemons on a production
> machine into heavy-debug mode? OS is 4.8 with all current patches.
You could try watching kevent() on the file for EVFILT_VNODE with NOTE_ATTRIB.
You'd need to write a small C program to do this.
Whilst this won't tell you who did what, it could give you sufficiently
good timestamps from it happening to begin tracking the culprit down further,
perhaps using lsof.
BMS
More information about the freebsd-hackers
mailing list