Reputation: 1171
How to know which process is changing a file in linux
I'm using an automation tool to build a virtual machine. During the this automation a config file (/etc/myprogram/cofig.ini) is becoming empty.
This file's contents are required complete the automation, but I'm clueless which process is emptying the file.
I want to monitor a file and list the name of processes changed the contents of the file.
I'm using Ubuntu 16.04.
I saw some questions in Stackoverflow but did help. I tried to use audictl inotify and watchdog . Please let me know any better way to do this. Is there a way to do this using python.
Upvotes: 1
Views: 6122
Answers (2)
Reputation: 141
you can use lsof. this command is for find out what processes currently have the file open.
if process opening the file, writing to it, and then closing it you can use auditing.
/sbin/auditctl -w /etc/myprogram/cofig.ini -p war -k config.ini-file
-w watch etc/myprogram/cofig.ini
-p warx watch for write, attribute change, execute or read events
-k config.ini-file is a search key.
wait till the file change then use
/sbin/ausearch -f /etc/myprogram/cofig.ini | more
Upvotes: 4
Reputation: 6158
The lsof command will show what processes are using which files:
lsof | grep <filename>
Upvotes: 3
Related Questions
- inotify - how to find out which user has modified file?
- Can iNotify tell me where a monitored file is moved?
- How to check if a file is open and/or being edited in Linux
- Any ways to show file changes (with pyinotify for example)?
- how to make pyinotify to run a program on any modification over a file?
- log who creates files in a directory, maybe using inotify
- Which process was responsible for an event signalled by inotify?
- Is it possible to identify what process is changing a file with FileSystemWatcher?
- pyinotify: Handling IN_MODIFY triggers
- How to monitor the change of a process's working directory?