How do I monitor a file or directory to see which user or program has accessed or modified data? Resolution The Linux Audit system audit package can be used to accomplish this task. The permission are any one of the following: r - read of the file w - write to the file x - execute the file a - change in the file's attribute -k sets a filter key on an audit rule. The filter key is an arbitrary string of text that can be up to 31 bytes long. It can uniquely identify the audit records produced by a rule.
The auditd service must be restarted after any changes are made, also ensure that it is set to run on boot. This is logged with the key monitor-hosts. Also, the timestamp can be converted into readable form. Log in to comment. Thank you. Add a comment.
Active Oldest Votes. Delete removed user's home directory. Delete every file in the output of previous command. Quote from Tim Pierce's answer on this question: xarg reads lines on standard input and turns them into command-line arguments, so you can effectively pipe data to the command line of another program.
Improve this answer. Community Bot 1. If you run that find I would do the bare find first, you may have other unowned files on your system that shoud belong to someone else instead of being deleted.
Jasen, thank you, but that didn't work. Using rm is best in my mind, because it will delete folders too. About shared files: Shared files can't be "unowned". Show 3 more comments. Or simpler, in the current directory: sudo find.
Jaleks 2, 1 1 gold badge 14 14 silver badges 30 30 bronze badges. Hugo Hugo 1. Sign up or log in Sign up using Google. Sign up using Facebook. I'll give you a vote for the technicality, but people would generally say "not owned by anyone" if they meant what you were interpreting. Shibumi - Yeah, sounds about right for those splitting hairs.
The problem I faced was, I needed to find files literally not owned by any user. It surfaced after a web server refresh and migration. Ignacio Vazquez-Abrams Ignacio Vazquez-Abrams k gold badges silver badges bronze badges. Downvoted because it doesn't add anything to the accepted answer, and it masks other possible answers such as the zsh glob pattern below. Crayon Violent Crayon Violent It is true that the command above will not list dot files, even with the -a flag because of the wildcard expansion.
To catch dot files use the zsh dotglob option: setopt dotglob. The parentheses are to run in a subshell so that you don't have to run setopt nodotglob after you've finished.
Thank you. That's a much better option than having to use setopt if it will be a one-time usage. Sign up or log in Sign up using Google. Sign up using Facebook. Sign up using Email and Password. Post as a guest Name.
0コメント