Date: Sat, 22 Nov 2003 19:06:37 -0500
To: cpghost@cordula.ws, freebsd-questions@freebsd.org
From: Marty Landman
Subject: Re: Monitoring a file?

At 05:58 PM 11/22/2003, Cordula's Web wrote:

> A file, let's say, /path/to/a/file, is being modified by
> an unknown process P(u) at random times. Unfortunately,
> the name of the program run by P(u) is unknown.

Being a newbie I'm going against my better judgement by offering my thoughts. The problem though sounds too interesting to pass up.

I'd think the failsafe way to approach this is with a wrapper so that when process P accesses file F it's really accessing W(F), i.e. a software wrapper which would then emulate F, only since W's a pgm it can also log the activity as well as reply to P with basically whatever you want it to reply with.

Would ln(1) be able to serve as the setup for W? I've only done soft links for directory aliasing on websites. So I don't know if you can get away with e.g. having a shebang line on top of W and expect it to execute; if you could work it that way though you'd be golden afaict.

Rereading this I realize for W to work it'd also have to be able to know who P is, i.e. the process and what it was wanting to do so it could emulate it. Or is there a way to just have W pass F on to P after logging the activity? And why do I suddenly crave a bowl of alphabet soup?

BTW isn't this the basic concept behind jail(8), only you'd be jailing a file rather than a process?

Just my two cents, hope it's worth it.

Marty Landman
Face 2 Interface Inc
845-679-9387
Sign On Required: Web membership software for your site
Make a Website: http://face2interface.com/Home/Demo.shtml
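An added example, not part of the original message or of any poster's code, that tests the two wrapper setups the message asks about: a symlink from F to a script W with a shebang line, and a named pipe at F read by a logging wrapper. The file names `W`, `F`, `F.fifo` and `ran` and both function names are hypothetical, and the bytes written are constructed sample data.

```python
import os
import tempfile
import threading


def symlink_is_not_executed(workdir):
    """Symlink F -> W, where W starts with a shebang, then open F as P would."""
    w = os.path.join(workdir, "W")         # hypothetical wrapper script
    f = os.path.join(workdir, "F")         # path the unknown process P opens
    marker = os.path.join(workdir, "ran")  # would exist only if W had run
    with open(w, "w") as fh:
        fh.write("#!/bin/sh\ntouch '%s'\n" % marker)
    os.chmod(w, 0o755)
    os.symlink(w, f)
    with open(f) as fh:                    # open(2) follows the link; nothing executes
        content = fh.read()
    return content.startswith("#!/bin/sh"), os.path.exists(marker)


def fifo_wrapper_logs_writes(workdir, payload):
    """Put a FIFO at F; a wrapper thread receives and logs what P writes."""
    f = os.path.join(workdir, "F.fifo")
    os.mkfifo(f)
    log = []

    def wrapper():
        with open(f, "rb") as fh:          # blocks until a writer opens the FIFO
            log.append(fh.read())          # returns once the writer closes

    t = threading.Thread(target=wrapper)
    t.start()
    with open(f, "wb") as fh:              # stands in for process P
        fh.write(payload)
    t.join(timeout=5)
    return log


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(symlink_is_not_executed(d))  # (True, False)
        print(fifo_wrapper_logs_writes(d, b"constructed sample write\n"))
```

The shebang line is only interpreted when a file is executed, so opening the symlink just hands P the script text. The FIFO wrapper does see each write, but the pipe carries only bytes and nothing about which process sent them.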