04-13-2006, 01:23 PM
|
#1
|
LQ Newbie
Registered: Apr 2006
Posts: 8
Rep:
|
monitor file read/write access
Can anyone recommend a program I can use to monitor file read/write access? I wanna use this to find out which file I need to modify to change configuration settings as well as which file to lock down so that other users cannot modify them. Hopefully something that can catch burst writes -- application: leave program running -> change settings through GUI -> save settings -> find file writes on the output during time I clicked on save. Looking for filemon (from sysinternals.com) like application.
Have already looked at lsof and the problem there is that I am not sure it will catch burst writes, and even if it did, it doesn't seem to tell me whether file is being read or written to. There is also no access time information, so if I were to use it I would have to check all the files listed to find which one I need - I think this is impractical for programs that use tons of files.
just my opinion, but I think the file organization in linux is a bit too crowded- some files that users might wanna modify (like configuration settings) seem to be lumped together in the same directory. also, when I install a package through a package manager like synaptic - it doesn't ask me where to install the program which makes me wonder whether the programmer completely read through the documentation for standard file locations and adhered to it (which I doubt very much since it is kinda long). Anyway, sorry 'bout the rant - please correct me if I had any misconceptions
Thanks in advance....
|
|
|
04-14-2006, 06:23 AM
|
#2
|
LQ Sage
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~amd64
Posts: 7,675
Rep:
|
Quote:
Originally Posted by johnyang
just my opinion, but I think the file organization in linux is a bit too crowded- some files that users might wanna modify (like configuration settings) seem to be lumped together in the same directory.
|
Are you referring to /etc directory? If yes, then no - there is nothing in /etc users have to edit. /etc contains system-wide configuration settings, users can override these settings by creating their own configuration files in their home directories. For example, there is /etc/pine.conf where root sets all site-wide options and also specifies which parameters can be set by user in ~/.pinerc file. What is wrong with this scheme?
Last edited by Emerson; 04-14-2006 at 06:24 AM.
|
|
|
04-15-2006, 07:26 AM
|
#3
|
LQ Newbie
Registered: Apr 2006
Posts: 8
Original Poster
Rep:
|
hello, again I am new here so probably have a lot of misconceptions. anyway, some people like me would like to modify system wide settings since usually I create many accounts for different things so I don't wanna modify the same configuration settings for each and every account. You might say that all I need to do is copy the file to the home directory in question but that would mean that I'd need to remember what it is that I changed- and yet still I think this is a waste of time if I could change the system wide setting instead.
1 more reason is for when I configure the computer for use by many other users who don't know as much or care as much about security and need to be protected from themselves. All these I have easily done in windows just with use of filemon and regmon from sysinternals.. Hopefully there are similar tools in Linux.
Last edited by johnyang; 04-15-2006 at 07:29 AM.
|
|
|
04-15-2006, 08:08 AM
|
#4
|
LQ Sage
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~amd64
Posts: 7,675
Rep:
|
Quote:
Originally Posted by johnyang
hello, again I am new here so probably have a lot of misconceptions. anyway, some people like me would like to modify system wide settings since usually I create many accounts for different things so I don't wanna modify the same configuration settings for each and every account. You might say that all I need to do is copy the file to the home directory in question but that would mean that I'd need to remember what it is that I changed- and yet still I think this is a waste of time if I could change the system wide setting instead.
|
Nobody can remember every change made. This is why seasoned users keep logs for every computer they manage. You can also include your custom configuration files in skeleton so they are used every time a new user is created. Indeed, admin can modify system-wide conf files. But users should not have write access to them.
Quote:
1 more reason is for when I configure the computer for use by many other users who don't know as much or care as much about security and need to be protected from themselves. All these I have easily done in windows just with use of filemon and regmon from sysinternals.. Hopefully there are similar tools in Linux.
|
You can use strace and you can use some intrusion detection software - can't name any from memory - to see what files were altered.
|
|
|
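Added example, not part of any poster's message: one way to apply the strace suggestion above to the "leave program running, click save, find the file writes" workflow from post #1. The log lines, paths, PIDs and the function names `sample_log` and `file_writes` are constructed for illustration.

```shell
#!/bin/sh
# Capture (run by hand; needs strace), then click "save" in the program:
#   strace -f -tt -o trace.log \
#     -e trace=open,openat,creat,rename,renameat,renameat2 some_program
# -f follows children, -tt adds timestamps, -o writes "pid time call" lines.

# Constructed sample of such a log (paths and PIDs are made up).
sample_log() {
cat <<'EOF'
4242 13:04:58.100000 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
4242 13:05:01.200000 openat(AT_FDCWD, "/home/u/.config/apprc.tmp", O_WRONLY|O_CREAT|O_TRUNC, 0644) = 7
4242 13:05:01.250000 rename("/home/u/.config/apprc.tmp", "/home/u/.config/apprc") = 0
4243 13:05:01.300000 openat(AT_FDCWD, "/var/lock/app.lock", O_RDWR|O_CREAT, 0600) = -1 EACCES (Permission denied)
4242 13:07:30.000000 openat(AT_FDCWD, "/home/u/.cache/app/state", O_RDWR) = 8
EOF
}

# file_writes LOG START END
# Print "time pid action path" for each successful write-open, creat or
# rename with a timestamp in [START, END] (HH:MM:SS strings, same day).
file_writes() {
    awk -v start="$2" -v end="$3" '
    {
        pid = $1; ts = substr($2, 1, 8)
        if (ts < start || ts > end) next
        # Skip failed calls: the result after the last " = " is negative.
        n = split($0, parts, " = ")
        if (parts[n] ~ /^-/) next
        # Paths are the double-quoted arguments of the call.
        split($0, q, "\"")
        if ($3 ~ /^(open|openat)\(/ && $0 ~ /O_(WRONLY|RDWR)/)
            print ts, pid, "open-write", q[2]
        else if ($3 ~ /^creat\(/)
            print ts, pid, "creat", q[2]
        # Many programs save by writing a temp file and renaming it into
        # place, so the rename target is the real settings file.
        else if ($3 ~ /^rename(at2?)?\(/)
            print ts, pid, "rename-to", q[4]
    }' "$1"
}

# Demo on the constructed log: what was written around 13:05:00-13:05:05?
log=$(mktemp)
sample_log > "$log"
file_writes "$log" 13:05:00 13:05:05
rm -f "$log"
```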
04-15-2006, 09:07 AM
|
#5
|
LQ Newbie
Registered: Apr 2006
Posts: 8
Original Poster
Rep:
|
Quote:
Originally Posted by Emerson
Nobody can remember every change made. This is why seasoned users keep logs for every computer they manage.
|
If you're saying that there are logs that monitor file read/write access- this is precisely what I'm looking for. Please tell me which log file. Thanks.
Quote:
Originally Posted by Emerson
You can also include your custom configuration files in skeleton so they are used every time a new user is created. Indeed, admin can modify system-wide conf files. But users should not have write access to them.
|
I could place those in skeleton but that would imply that I knew what config files (filename) I need to change in the first place which is why I started this thread to look for a utility to help me- am currently in windows so I'll try the strace later. I understand that users don't have access to system wide settings but as you yourself implied, this means that settings changed by the user are kept in his home folder- I would like to know what files these are with help of some utility to monitor file writes and modify some permissions on them so that the user cannot modify it even in his/her home directory. In my opinion files are also too crowded in the home directory- although I may have misunderstood the organization - an example would be the kde menu - can't seem to find which file I need to modify to add programs into the list. - an internet search would probably help here however, I would like to point out that in windows it's as easy as browsing the documents and settings directory.
Quote:
Originally Posted by Emerson
You can use strace and you can use some intrusion detection software - can't name any from memory - to see what files were altered.
|
Thanks for this suggestion and for posting here. Will try this out later. It is kinda odd that people don't seem to be interested in this utility - do linux users know where files are eventually after some experience with it? I have posted on a few other forums and I get very few responses. Seems to me that this is essential for system administration - I know it was for me in windows. Anyway, I hope this sounds more like a suggestion than a complaint as I know I have no right to complain since linux is free. I would say though that linux has a long way to go before achieving usability like windows.
|
|
|
04-15-2006, 09:30 AM
|
#6
|
LQ Sage
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~amd64
Posts: 7,675
Rep:
|
Uh, finally I'm starting to see your problem.
Really, Linux file tree is well organized and there is no need to search for conf files. man hier shows where files are located. man your_program describes what is the name of configuration files used.
Edit: With logs I had in mind something where you write down every change you make.
Last edited by Emerson; 04-15-2006 at 09:31 AM.
|
|
|
04-15-2006, 10:41 AM
|
#7
|
LQ Newbie
Registered: Apr 2006
Posts: 8
Original Poster
Rep:
|
Thank you for not taking offense in my criticisms. anyway, the man pages did come to mind but then I feel that a file monitoring utility might be more helpful; not only for people who are too lazy to read but also because man pages are also written by the programmer and some programs in linux, since free so usually doesn't have the monetary support, do not have such complete documentation. An example would be kxdocker which still has incomplete documentation. Anyway, hope people get interest in this thread because I think this is important.
|
|
|
04-15-2006, 12:44 PM
|
#8
|
LQ Sage
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~amd64
Posts: 7,675
Rep:
|
Quote:
Originally Posted by johnyang
Thank you for not taking offense in my criticisms. anyway, the man pages did come to mind but then I feel that a file monitoring utility might be more helpful; not only for people who are too lazy to read but also because man pages are also written by the programmer and some programs in linux, since free so usually doesn't have the monetary support, do not have such complete documentation. An example would be kxdocker which still has incomplete documentation. Anyway, hope people get interest in this thread because I think this is important.
|
Too lazy to read does not fit into open source world. Linux does not hide anything, thus there is no real need to trace down things in Linux (except when debugging of course). You'll find the system itself with all utilities are well documented and there are countless HOWTO's and tutorials available on the web. www.google.com/linux is your best friend here, and these forums as well.
And here is an article which explains why one shouldn't complain before learning what (s)he is dealing with.
|
|
|
04-15-2006, 01:07 PM
|
#9
|
Senior Member
Registered: Sep 2003
Posts: 3,171
Rep:
|
nonetheless, a file monitoring utility would be quite useful. It would be much easier and quicker to have a utility watch a process's I/O rather than wade through lots of docs and set up test case after test case to track down exactly which file is causing this process to fail.
Regardless of anything else, the quicker you can find a problem the better off you are. That Linux is transparent, exposing everything, doesn't mean that such a tool wouldn't be useful; Linux exposes so much that sometimes just sifting through takes awhile. A tool to monitor I/O would put you on the correct path immediately.
|
|
|
04-15-2006, 01:19 PM
|
#10
|
LQ Sage
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~amd64
Posts: 7,675
Rep:
|
Quote:
Originally Posted by jiml8
nonetheless, a file monitoring utility would be quite useful. It would be much easier and quicker to have a utility watch a process's I/O rather than wade through lots of docs and set up test case after test case to track down exactly which file is causing this process to fail.
Regardless of anything else, the quicker you can find a problem the better off you are. That Linux is transparent, exposing everything, doesn't mean that such a tool wouldn't be useful; Linux exposes so much that sometimes just sifting through takes awhile. A tool to monitor I/O would put you on the correct path immediately.
|
You realize of course this is debugging you are talking about? And you can use strace for this.
|
|
|
04-15-2006, 02:31 PM
|
#11
|
LQ Newbie
Registered: Apr 2006
Posts: 8
Original Poster
Rep:
|
Quote:
Originally Posted by Emerson
Linux does not hide anything, thus there is no real need to trace down things in Linux (except when debugging of course).
|
However, creating malware in linux is entirely possible. You might say that essential parts of the OS cannot be modified by program anyway since linux users always login as lower privileged accounts. But doesn't every program have to install as root? In that time frame, wouldn't it be able to install anything? Furthermore, doesn't anything that runs on boot with init.d run as root? It seems trivial to me to insert something there while a program installs; not to mention the existence of rootkits that do "hide" things. I know things I mentioned is responsibility of user (i.e. research program, check md5 sum before installing). But forgive me for saying that I don't think the argument "linux doesn't hide anything" stands because it is same as saying you don't need to take responsibility (by research or check md5 sum) in linux. I also find it rather disturbing that a lot of people seem to cite "open source" and program having been out there "open" for a long time as a guarantee of security - this I think only works if one can guarantee 2 things: a.) many people had taken interest in the program; b.) among those people are "competent" programmers who really did look at the code line by line. I don't think this is possible with all the programs out there as there are just too many -> what stops everyone from thinking the same thing and thus nothing gets checked. Anyway, seems like strace is the program to use to track down problems - am still working on something that needs windows so can't try it yet. Maybe later..
Quote:
Originally Posted by Emerson
You'll find the system itself with all utilities are well documented and there are countless HOWTO's and tutorials available on the web. www.google.com/linux is your best friend here, and these forums as well.
|
However, some programs do lack documentation. i.e. kxdocker.
Quote:
Originally Posted by Emerson
And here is an article which explains why one shouldn't complain before learning what (s)he is dealing with.
|
I see the point and I apologize for having done so with the file organization. I think I do see the point now to the file hierarchy and do agree with it. However, I still think a file monitoring program is necessary not only for lazy people, which I see may garner very little sympathy, but also for people who just don't have the necessary background to understand some of these documentations with ease, or people who simply don't have enough time. Anyway, I do hope strace is the answer..
|
|
|
04-16-2006, 01:56 PM
|
#12
|
Senior Member
Registered: Sep 2003
Posts: 3,171
Rep:
|
Quote:
Originally Posted by Emerson
You realize of course this is debugging you are talking about? And you can use strace for this.
|
I can use strace for those programs which I am starting. I can't use it to just look in on a program that is already running - such as, for instance, kdeinit. I also can't use it to monitor a file to see who is invoking that file, although I can see who has that file open at any particular time with lsof.
There are some nice tools available on Windows, provided by sysinternals.com, that do these kinds of things. There isn't any reason why Linux can't have similar tools. I used to have them on the Amiga too. In fact, I wrote a couple of them for the Amiga.
Actually, this has set me to thinking. If I can just cut loose enough time to do it...
But, I fear, that won't be happening any time soon.
|
|
|
All times are GMT -5.