Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
03-16-2017, 01:16 PM
|
#1
|
|
LQ Newbie
Registered: Aug 2014
Location: Near Portland, OR
Distribution: Would like help becoming comfortable with Gentoo, AV Linux, maybe Arch
Posts: 8
Rep: 
|
Is there a file access history in Linux?
You know how in Windows, you can look up the history (in Windows Explorer, I think) of files that have been opened on the system? Is there a similar way to do that on Linux? I ask because I would want to clear that history all the time.
|
|
|
|
|
03-16-2017, 02:09 PM
|
#2
|
|
LQ Newbie
Registered: Nov 2013
Location: Murder Dubs... Oakland CA
Distribution: RHEL
Posts: 20
Rep:
|
Auditd can but it has to be configured... I could be wrong but I don't believe there is anything that will track that by default. Obviously an lsof will list all files that are currently open by a user/process but nothing that tracks who opened what files by default.
|
|
|
|
|
03-16-2017, 02:29 PM
|
#3
|
|
Senior Member
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth&Mars (I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that work on freest-HW; has been KDE, CLI, Novena-SBC but open.. http://goo.gl/NqgqJx &c ;-)
Posts: 4,888
|
CLI has a history, can tweak in ~/.bashrc
|
|
|
|
|
03-16-2017, 02:34 PM
|
#4
|
|
LQ Newbie
Registered: Nov 2013
Location: Murder Dubs... Oakland CA
Distribution: RHEL
Posts: 20
Rep:
|
Quote:
Originally Posted by jamison20000e
CLI has a history, can tweak in ~/.bashrc
|
That's true. However, that's not a file access history. It only shows files you accessed via the cli not a list of all files accessed. But that is something I should have thought about in my initial response. Files you accessed via a GUI application will not show up in the history list or files opened by a script you launch from the cli. It will only show files you directly specify in your command history. |
|
|
|
|
03-16-2017, 03:57 PM
|
#5
|
|
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 11,380
|
File access logging produces such a flood of entries that it is basically useless in practice. Thousands of files might be opened and closed, each and every second.
Logic to update the "time last accessed" information is usually turned off for much the same reason: it simply causes too many disk writes that could be better spent doing useful things.
|
|
|
|
|
03-16-2017, 04:16 PM
|
#6
|
|
Senior Member
Registered: Nov 2011
Location: London, UK
Distribution: Debian
Posts: 1,959
|
You could obtain a list of all modified files in a specified period...
So you could get a list of all the files that have been amended in any significant way...
|
|
|
|
|
03-16-2017, 07:57 PM
|
#7
|
|
LQ Guru
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 21 MATE
Posts: 8,048
|
You need to tell us which desktop environment you are using. Gnome-based desktop environments, for example, normally keep a list of most recently accessed files (e.g. /.local/share/recently-used.xbel on my Mint 18.1 MATE system).
This might be of interest to you (read through the whole thing to get ideas before trying anything - the final solution will be specific to your setup):
https://alexcabal.com/disabling-gnom...he-better-way/
Be aware that applications themselves, including your file manager, very often keep most recently used lists - you may want to switch those off on a per-application basis. |
|
|
1 members found this post helpful.
|
|
03-17-2017, 12:30 AM
|
#8
|
|
Senior Member
Registered: Nov 2011
Location: London, UK
Distribution: Debian
Posts: 1,959
|
The popular GUI file managers keep a cache of icons of displayed files,
but many or most files are simply used without any presentation to a GUI.
I have only 3,000 files in /etc - but I'm betting the majority are read-only (in normal use).
|
|
|
|
|
03-17-2017, 10:14 AM
|
#9
|
|
Senior Member
Registered: Mar 2004
Location: UK
Distribution: CentOS 6/7
Posts: 1,375
|
even if you deleted such a history in a GUI, it can be figured out from the CLI since all files have three time stamps, Access, Modify and Change.
You can disable the updating of Access time stamps (via noatime & nodiratime mount options) but Modify and Change would still function if there were changes to the file or it were updated.
Just to note, these time stamps only indicate the when and not the who.
|
|
|
|
|
03-17-2017, 11:23 AM
|
#10
|
|
Senior Member
Registered: Nov 2011
Location: London, UK
Distribution: Debian
Posts: 1,959
|
Except that the access/modify/change time-stamps to read-only files are not normally updated, since that would require a wasted file update.
|
|
|
|
|
03-17-2017, 11:44 AM
|
#11
|
|
Member
Registered: Jan 2017
Location: Fremont, CA, USA
Distribution: Trying any&ALL on old/minimal
Posts: 997
|
Welcome BACK! How's things been going over past 2.4years? IF AV Linux, try this search:
recently used files xcfe desktop
Wikipedia will tell you that linux more literally means kernel, seperate from each distribution's choice of DE, Desktop Environment.
|
|
|
|
|
03-17-2017, 07:44 PM
|
#12
|
|
Senior Member
Registered: Mar 2004
Location: UK
Distribution: CentOS 6/7
Posts: 1,375
|
Quote:
Originally Posted by JeremyBoden
Except that the access/modify/change time-stamps to read-only files are not normally updated, since that would require a wasted file update.
|
But how do you know the files in question are read-only, I see no such mention as such other than by yourself. The OP never specified what files they are talking about, it seems however they were probably on about ALL files, not just some files that might be read-only. |
|
|
|
|
03-19-2017, 05:56 AM
|
#13
|
|
Senior Member
Registered: Feb 2003
Distribution: debian
Posts: 4,137
|
There's fam, file alteration monitor or some such. But it has to be installed and configured and running when files are altered. Or at least there used to be, maybe it got ate by systemd. In general about the only thing tracked without configuration is last access time, which can also be disabled (noatime). For linux, most everything is a file, to include devices, so tracking them would be a daunting task and probably not on by default for most distros. If you're paranoid, run something like puppy linux or tails that runs in ram. Or other read-only live distros. Or do fresh installs often and wipe your partitions clean, plus encrypted partitions for those devices that don't wipe easily.
|
|
|
|
All times are GMT -5. The time now is 03:00 AM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
