LinuxQuestions.org


piokon 07-22-2007 06:05 AM

How to check if someone viewed my files?
 
Hi!

Is there any way of checking if any other user on the same server (same home directory) who has access to my files (normal files with read-write permission) has been reading my files?

Maybe some kind of a log of users browsing my files and viewing them?

Thanks for any help,

Peter

macemoneta 07-22-2007 06:13 AM

No, not really. There is a last access time on files, but it's easily turned off:

ls -lu

Simon Bridge 07-22-2007 06:15 AM

There is usually a log of users logged in and what time. Sometimes network traffic logs can tell what sort of info is requested. Why not ask the sysadmin?

You can also tell if files have been tampered with by checking the timestamps. If someone views a file, the timestamp will say when. Keep a copy when you logout.

Note... anyone with user-access to your home directory is assumed to be reading your files. Do not assume anything else.

Why would this question even come up?

piokon 07-22-2007 07:51 AM

How to turn it off?
 
Quote:

Originally Posted by macemoneta
No, not really. There is a last access time on files, but it's easily turned off:

ls -lu

How should I do that?

Cheers,
Peter

macemoneta 07-22-2007 08:02 AM

Remount the partitions with the noatime option, or add it to /etc/fstab. While the last access time is useful for some types of backup, it is a performance hit. I generally turn it off on all partitions. See 'man mount' and 'man fstab'. For example:

mount -t ext3 /dev/hda3 / -o remount,noatime

piokon 07-22-2007 08:12 AM

Quote:

Originally Posted by macemoneta
Remount the partitions with the noatime option, or add it to /etc/fstab. While the last access time is useful for some types of backup, it is a performance hit. I generally turn it off on all partitions. See 'man mount' and 'man fstab'. For example:

mount -t ext3 /dev/hda3 / -o remount,noatime


Great, thanks a lot!!

Peter

piokon 07-22-2007 01:31 PM

Omit access timestamp

Btw, is there any possibility that someone viewed my file (e.g. with the command more) and didn't change the access time, so that when I check:
ls -ut
or
stat <file>

I don't see any change??

Cheers,

Peter

macemoneta 07-22-2007 03:26 PM

Yes, that's what I said in post #2.

Simon Bridge 07-22-2007 05:38 PM

... with instructions in post #5

-noatime = no access time. From the mount(8) man page
Code:

noatime
                    Do not update inode access  times  on  this  file  system
                    (e.g,  for  faster  access  on the news spool to speed up
                    news servers).

... do read man pages when you are directed to them.

If the user does not have root access, then this is not a concern unless the admin has used this option on your home partition (to avoid aforesaid performance hit say.) Again: why not ask sysadmin?

If the user does have root access... then your only recourse to guarantee privacy is encryption.
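
Added example, not part of any post in this thread: whether an unchanged access time means anything depends on the mount options of the filesystem holding the file, which is the check the post above suggests asking the sysadmin about. The script reads a table in /proc/mounts format and goes slightly beyond the thread by also reporting relatime; the function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: which atime policy governs the filesystem that holds a path?
# Reads a table in /proc/mounts format; mount points containing spaces
# (escaped there as \040) are not handled.

# Constructed sample table; /dev/hda3 is the device named in the thread.
sample_mounts() {
    cat <<'EOF'
/dev/hda3 / ext3 rw,noatime,errors=remount-ro 0 0
/dev/hda5 /home ext3 rw,relatime 0 0
/dev/hda6 /srv/data ext3 rw 0 0
EOF
}

# atime_policy ABSOLUTE_PATH [MOUNTS_FILE] -> noatime | relatime | strictatime
atime_policy() {
    awk -v p="$1" '
        # A mount point covers p only on a path-component boundary.
        $2 == "/" || p == $2 || index(p, $2 "/") == 1 {
            # Longest mount point wins; on a tie the later (top-most) mount wins.
            if (length($2) >= best) { best = length($2); opts = $4 }
        }
        END {
            if (!best) { print "unknown"; exit 1 }
            policy = "strictatime"   # no atime flag listed: updated on every read
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) {
                if (o[i] == "noatime") { policy = "noatime"; break }
                if (o[i] == "relatime") policy = "relatime"
            }
            print policy
        }' "${2:-/proc/mounts}"
}

# Print the policy next to the file's current access time (GNU stat).
atime_report() {
    policy=$(atime_policy "$1" "${2:-/proc/mounts}") || policy=unknown
    case $policy in
        noatime)     note="never updated: an unchanged atime proves nothing" ;;
        relatime)    note="updated only if older than mtime/ctime or than 24h" ;;
        strictatime) note="updated on every read" ;;
        *)           note="no matching mount found" ;;
    esac
    printf '%s: %s (%s)\n' "$1" "$policy" "$note"
    if [ -e "$1" ]; then stat -c 'last access: %x' "$1"; fi
}

if [ "$#" -gt 0 ]; then atime_report "$1"; fi
```

Run it with an absolute path to a file to see the policy for the live system's mounts.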

Matir 07-23-2007 01:26 PM

Even encryption does not guarantee privacy, if the encryption is done on the computer (hint: keyloggers, memory dumps, etc.)

If you don't trust root with your work, don't use the system.

Simon Bridge 07-24-2007 03:47 AM

Quote:

Even encryption does not guarantee privacy

... there is no such thing as guaranteed privacy - well not the way you mean it.
Just ask the Pharaohs.

However, there is such a thing as making it annoyingly difficult.
You can keep your keys on a removable drive...


All times are GMT -5.