Reputation: 1232
Best approach to detecting a move or rename to a file in Linux?
Some solution could probably be applicable to Windows, however I am not familiar with the Windows OS, so this will be Linux focused.
As far as I understand, Unix file system all have the concept of inodes, which is where the file system metadata and the "file" is stored. Thus I am wondering if it is possible to use the inode number with some additional information to track files that are renamed or moved around?
What I was proposing to do was have an initial scan that would create a database of filename/path, their disk/drive that it is located on, their inode number, and finally some sort of checksum (sha-1).
This would enable the system to be able to use the inode number to quickly detect if a file got moved or renamed, then it would follow up with the checksum to check to see if its actually the same file.
I can see some possible problems with this scheme:
- Files could be modified then moved/renamed, and this would fail to detect it because the checksum would not match.
- Some (most?) application when they modify the file will create a new temporary file and then switch it with the current one, thus the inode wouldn't match anyway even if the file is in the end unmodified....
- Would need to store which device/file system it is on because inodes on each file system is unique to that file system.
- Would need to deal with hard-links
I am wondering if there is any other gotchas that I am forgetting about here? I was hoping to be able to use the inodes to quickly track down which files got moved or renamed, then follow up with a checksum to confirm that it is actually the same file.
Upvotes: 4
Views: 1863
Answers (3)
Reputation: 31
logroate use mv command, there have a article to explain why the fd not change when the file be moved
How do the UNIX commands mv and rm work with open files?
Upvotes: 0
Reputation: 91983
Notice that this will be filesystem dependent. It is doable in ext3 and similar filesystems, but maybe not in others. This is probably also a rather resource hungry operation since it needs to scan through the disk to check all inodes, so you need to look up a solution to be notified when inodes are changed (instead of scanning through them all).
Upvotes: 0
Reputation: 182880
Look into inotify which allows you to get a call when anybody does anything to files in a specified file system or directory.
Upvotes: 8
Related Questions
- How to monitor that the filesystem pathname is renamed in C or inotify?
- how detect file change or remove in linux system
- Can i monitor the file re-name event on linux?
- How to efficiently monitor a directory for changes on linux?
- Is it possible to detect if a file has been moved in Python?
- How to check if an opened file has been moved or removed by another process
- How do you detect that a file you have opened has been moved after opening
- how to detect if a file operation is currently done on a file on linux
- Issue with detecting file moves using inotify.
- Is there a way to identify that a file has been modified and moved?