How to know if a file has 'access' monitor in linux
Posted
by
J L
on Super User
See other posts from Super User
or by J L
Published on 2012-04-03T22:03:44Z
Indexed on
2012/04/03
23:33 UTC
Read the original article
Hit count: 189
I'm a noob and have some questions about viewing who accessed a file.
I found there are ways to see if a file was accessed (not modified/changed) through audit subsystem and inotify.
However, from what I have read online, according to here: http://www.cyberciti.biz/tips/linux-audit-files-to-see-who-made-changes-to-a-file.html
it says to 'watch/monitor' file, I have to set a watch by using command like:
# auditctl -w /etc/passwd -p war -k password-file
So if I create a new file or directory, do I have to use audit/inotify command to 'set' watch first to 'watch' who accessed the new file?
Also is there a way to know if a directory is being 'watched' through audit subsystem or inotify? How/where can I check the log of a file?
© Super User or respective owner