Monitoring a file?
Marty Landman
MLandman at face2interface.com
Sat Nov 22 16:06:58 PST 2003
At 05:58 PM 11/22/2003, Cordula's Web wrote:
> A file, let's say, /path/to/a/file, is being modified by
> an unknown process P(u) at random times. Unfortunately,
> the name of the program ran by P(u) is unknown.
Being a newbie I'm going against my better judgement by offering my
thoughts. The problem though sounds too interesting to pass up.
I'd think the failsafe way to approach this is with a wrapper so that when
process P accesses file F it's really accessing W(F), i.e. a software
wrapper which would then emulate F, only since W's a pgm it can also log
the activity as well as reply to P with basically whatever you want it to
reply with.
Would ln(1) be able to serve as the setup for W? I've only done soft links
for directory aliasing on websites. So I don't know if you can get away
with e.g. having a shebang line on top W and expect it to execute; if you
could work it that way though you'd be golden afaict. Rereading this I
realize for W to work it'd also have to be able to know who P is, i.e. the
process and what it was wanting to do so it could emulate it. Or is there a
way to just have W pass F on to P after logging the activity? And why do I
suddenly crave a bowl of alphabet soup?
BTW isn't this the basic concept behind jail(8), only you'd be jailing a
file rather than a process?
Just my two cents, hope it's worth it.
Marty Landman Face 2 Interface Inc 845-679-9387
Sign On Required: Web membership software for your site
Make a Website: http://face2interface.com/Home/Demo.shtml
More information about the freebsd-questions
mailing list