Monitoring a file?

Marty Landman MLandman at
Sat Nov 22 16:06:58 PST 2003

At 05:58 PM 11/22/2003, Cordula's Web wrote:

>   A file, let's say, /path/to/a/file, is being modified by
>   an unknown process P(u) at random times. Unfortunately,
>   the name of the program ran by P(u) is unknown.

Being a newbie I'm going against my better judgement by offering my 
thoughts. The problem though sounds too interesting to pass up.

I'd think the failsafe way to approach this is with a wrapper so that when 
process P accesses file F it's really accessing W(F), i.e. a software 
wrapper which would then emulate F, only since W's a pgm it can also log 
the activity as well as reply to P with basically whatever you want it to 
reply with.

Would ln(1) be able to serve as the setup for W? I've only done soft links 
for directory aliasing on websites. So I don't know if you can get away 
with e.g. having a shebang line on top W and expect it to execute; if you 
could work it that way though you'd be golden afaict. Rereading this I 
realize for W to work it'd also have to be able to know who P is, i.e. the 
process and what it was wanting to do so it could emulate it. Or is there a 
way to just have W pass F on to P after logging the activity? And why do I 
suddenly crave a bowl of alphabet soup?

BTW isn't this the basic concept behind jail(8), only you'd be jailing a 
file rather than a process?

Just my two cents, hope it's worth it.

Marty Landman   Face 2 Interface Inc 845-679-9387
Sign On Required: Web membership software for your site
Make a Website:

More information about the freebsd-questions mailing list