Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
There is a file in our system and I am trying to find which user changed the permission of that file from XXX to something YYY , I tried googling which ended up in results that was no close to a answer for my question.
Even if there is no way to find who modified the permission to a file , is it possible to find at what time the permission was modified .
There is a file in our system and I am trying to find which user changed the permission of that file from XXX to something YYY , I tried googling which ended up in results that was no close to a answer for my question.
Even if there is no way to find who modified the permission to a file , is it possible to find at what time the permission was modified .
Thanks,
The only reliable way I can think of to do this is to monitor the file with a frequently executed cron task and, when the file changes, find out who is logged on at that moment.
Another approach is to make the file modifiable only by root. Such a file can be make readable by anyone, but only modifiable by a select few.
Its hard to find out who changed the file permissions. You can use access lists to control who can change what, also you can find certain file permissions types, like if you are looking for any permissions that are 777. Also you can look ether manually or through scripting on users history's . As far as checking when the file was changed you can use the ctime (ls -clt). The only catch with ctime is it also takes into account if the file has been changed.
ls -clt and ls -lt shows only the date on which the file's content is modified , I consulted my friends in here and no one seems to know about a way to find who/when last changed the file permissions . But my hope still lays on a few who said that they have previously had some exposure to something exactly what am looking for , so i thought someone from LQ would have came across the same situation like me , I am still positive that I will get some responses here.
(michael, total users:4)-(jobs:0: processes: 45)-(~/workspace)-(04:49 AM)
(!561)->ls -clt
total 198296
-rw-r--r-- 1 michael users 16 Oct 6 04:49 test
-rwxr-xr-x 1 michael users 101861 Oct 6 02:41 winetricks
-rw-r--r-- 1 michael users 202942242 Oct 6 02:34 fp9_archive.zip
(michael, total users:4)-(jobs:0: processes: 45)-(~/workspace)-(04:49 AM)
(!562)->chmod +x test
(michael, total users:4)-(jobs:0: processes: 45)-(~/workspace)-(04:50 AM)
(!563)->ls -clt
total 198296
-rwxr-xr-x 1 michael users 16 Oct 6 04:50 test
-rwxr-xr-x 1 michael users 101861 Oct 6 02:41 winetricks
-rw-r--r-- 1 michael users 202942242 Oct 6 02:34 fp9_archive.zip
(michael, total users:4)-(jobs:0: processes: 45)-(~/workspace)-(04:50 AM)
(!564)->ls -alt
total 198304
drwxr-xr-x 2 michael users 4096 Oct 6 04:49 .
-rwxr-xr-x 1 michael users 16 Oct 6 04:49 test
drwx--x--x 53 michael users 4096 Oct 6 02:41 ..
-rwxr-xr-x 1 michael users 101861 Sep 13 06:42 winetricks
-rw-r--r-- 1 michael users 202942242 Jul 28 11:21 fp9_archive.zip
The ctime is different then the mtime. ctime show when the file was changed in anyway(including the permissions), the meta data in ext dose not keep track of who changed it. So your best luck is to check to see when ctime and mtime are difference then cross reference that with which users where logged in(which you should find log in times from your logs). What I dont get is why you need to know this ?
if you use Process Accounting on Linux you might find out who executed the chmod command against that file..it is not a direct solution..but it might help
I am at work right now , I will reply with a detailed snapshot from my home computer coz I dont want to post a snapshot of a shell from a protected environment , I am looking to find this out as one of the major tool failed in accessing(or failed to write into) a log file and there are many reasons for the same and one of which is possibly someone might have changed the permissions to the log file,
[test@ramkarthik ~]$ date
Tue Oct 6 18:29:41 IST 2009
[test@localhost ~]$ ls -clt
-rw-r-xr-- 1 test test 0 2009-10-06 18:27 file
[test@localhost ~]$ vi file
[test@localhost ~]$ ls -clt file
-rwxrw-r-- 1 test test 3 2009-10-06 18:31 file
[test@localhost ~]$ date
Tue Oct 6 18:31:47 IST 2009
[test@localhost ~]$ date
Tue Oct 6 18:32:47 IST 2009
[test@localhost ~]$ chmod 455 file
[test@localhost ~]$ ls -clt file
-r--r-xr-x 1 test test 3 2009-10-06 18:32 file
1.I did edit the contents to the file and the change(timestamp) reflected in ls -clt
2.I did change the permission of the file and the change(timestamp) reflected in ls -clt
But how do I find for which one among the above changes caused the change in the timestamp
I did check process accounting concept but the server in which i am trying to find the timestamp of chmod execution has process accounting disabled .
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
