Quote:
Originally Posted by nagendrar
Please help me to provide the API to know who made changes to a file on linux using 'C' or C++
|
You need to monitor the changes while they happen, of course. We don't have time machines, yet.
If you are only interested in being notified of changes, use the
inotify interface.
If you wish to audit changes -- say, you need to e.g. take a backup of a file before someone opens it for read-write or truncates it, therefore delaying the opener for a bit --, you need to use the Linux kernel audit subsystem. See
audit_open,
audit_add_rule and so on for details.
Note that either one of these is simpler to implement using shell scripts (inotify via inotifytools package, especially the
inotifywait command, and audit via auditd package, especially the
auditctl command. The C interfaces above require you to use low-level (netlink) sockets and I/O, possibly signals too; standard libraries like stdio won't help you with those.