how to detect a user who changed a particular file in Linux.
V.Ravikumar
ravikumar.vallabhu at gmail.com
Tue May 17 06:31:06 EDT 2011
On Mon, May 16, 2011 at 7:45 PM, Greg KH <greg at kroah.com> wrote:
> On Mon, May 16, 2011 at 03:02:10PM +0530, V.Ravikumar wrote:
> >
> > Hi all,
> >
> > (Note : I'm writing this mail to this kernel group as I did not find any
> > suitable mechanism in application level for my below need).
> >
> > If a file modified by some user then how can we detect that user who
> modified
> > it.
> >
> > Linux audit was not suitable for my need.
>
> Why not? It should have showed you this exactly.
>
>
For my need, I have to asynchronously notify if a given file was modified
by some user using some program.
As per my understanding for audit , one has to update system specific audit
configuration files(say using some auditd related command line tools) with
given file and it is not suitable for my requirement.
Is there any other ways apart from using SystemTap and auditd command line
tools.
Thanks for all your suggestions so far.
Regards,
Ravikumar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20110517/8b751173/attachment.html
More information about the Kernelnewbies
mailing list