Date: Sun, 22 May 2005 04:05:50 +0100 From: Bruce M Simpson <bms@spc.org> To: Charles Sprickman <spork@fasttrackmonkey.com> Cc: hackers@freebsd.org Subject: Re: watching a file for ownership change Message-ID: <20050522030550.GE1108@empiric.icir.org> In-Reply-To: <Pine.OSX.4.61.0505212229560.385@gee5.nat.fasttrackmonkey.com> References: <Pine.OSX.4.61.0505212229560.385@gee5.nat.fasttrackmonkey.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, May 21, 2005 at 10:38:30PM -0400, Charles Sprickman wrote: > I'd like to find a way to watch one of the user's maildirsize files that > seems to flip ownerships at least once a day and try to determine what > process is changing the ownership. > How can I do that without dropping a bunch of daemons on a production > machine into heavy-debug mode? OS is 4.8 with all current patches. You could try watching kevent() on the file for EVFILT_VNODE with NOTE_ATTRIB. You'd need to write a small C program to do this. Whilst this won't tell you who did what, it could give you sufficiently good timestamps from it happening to begin tracking the culprit down further, perhaps using lsof. BMS
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050522030550.GE1108>