Find who modified the permission to a file
Hi,
There is a file in our system and I am trying to find which user changed the permission of that file from XXX to something YYY , I tried googling which ended up in results that was no close to a answer for my question. Even if there is no way to find who modified the permission to a file , is it possible to find at what time the permission was modified . Thanks, |
Quote:
Another approach is to make the file modifiable only by root. Such a file can be make readable by anyone, but only modifiable by a select few. |
Its hard to find out who changed the file permissions. You can use access lists to control who can change what, also you can find certain file permissions types, like if you are looking for any permissions that are 777. Also you can look ether manually or through scripting on users history's . As far as checking when the file was changed you can use the ctime (ls -clt). The only catch with ctime is it also takes into account if the file has been changed.
|
Thanks for your quick responses,
ls -clt and ls -lt shows only the date on which the file's content is modified , I consulted my friends in here and no one seems to know about a way to find who/when last changed the file permissions . But my hope still lays on a few who said that they have previously had some exposure to something exactly what am looking for , so i thought someone from LQ would have came across the same situation like me , I am still positive that I will get some responses here. Thanks all, |
Quote:
|
Only the owner of the file and the root user can change a files permissions.
The ctime is updated when the attributes of a file is changed. |
if you use Process Accounting on Linux you might find out who executed the chmod command against that file..it is not a direct solution..but it might help
|
mbostwick,
I am at work right now , I will reply with a detailed snapshot from my home computer coz I dont want to post a snapshot of a shell from a protected environment , I am looking to find this out as one of the major tool failed in accessing(or failed to write into) a log file and there are many reasons for the same and one of which is possibly someone might have changed the permissions to the log file, ddaemonunics, I will checkout process accounting Thanks all, |
linux inotify
inotify can be used to inform you of filesystem changes, as well as attribute modifications (i.e. permissions).
Try a google for "linux inotify". |
Hi,
Code:
[test@ramkarthik ~]$ date 2.I did change the permission of the file and the change(timestamp) reflected in ls -clt But how do I find for which one among the above changes caused the change in the timestamp I did check process accounting concept but the server in which i am trying to find the timestamp of chmod execution has process accounting disabled . Any suggestions are welcome, Thanks all. |
This is a good explanation
http://www.unixtutorial.org/2008/04/...x-filesystems/ Note that ctime records file owner/perms & content changes, mtime is only content change. If you suspect a user changed the file, you'll have to look through their cmd history (if they haven't cleared it). As mentioned above, if you want to track those changes, you'll need accounting or inotify. NB: Only the owner or root can change permissions. |
Hi,
Thanks chrism01 , stat command illustrated in the tutorial was really useful , thanks all for your support. |
All times are GMT -5. The time now is 10:31 PM. |