How to know which process is changing a file in linux
Question
I'm using an automation tool to build a virtual machine. During the this automation a config file (/etc/myprogram/cofig.ini) is becoming empty.
This file's contents are required complete the automation, but I'm clueless which process is emptying the file.
I want to monitor a file and list the name of processes changed the contents of the file.
I'm using Ubuntu 16.04.
I saw some questions in Stackoverflow but did help. I tried to use audictl inotify and watchdog . Please let me know any better way to do this. Is there a way to do this using python.
2 answers
solution1
3 2017-07-09 17:57:29
lsof命令将显示哪些进程正在使用哪些文件:
lsof | grep <filename>
solution2
2 2017-07-09 18:36:52
you can use lsof . this command is for find out what processes currently have the file open. if process opening the file, writing to it, and then closing it you can use auditing.
/sbin/auditctl -w /etc/myprogram/cofig.ini -p war -k config.ini-file
-w watch etc/myprogram/cofig.ini
-p warx watch for write, attribute change, execute or read events
-k config.ini-file is a search key.
wait till the file change then use
/sbin/ausearch -f /etc/myprogram/cofig.ini | more
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.