Using inotify to track all files in the system

Question:

Can inotify be used to write files securely to the [linux] system?

Details:

I am trying to use inotifywait to track user movements (currently using bash, but it was suggested that I port to a scripting language). Ultimately, I want to add new files to the database when they are created (create, moved_from), update existing rows in the database when a file changes (modify, attrib, move_to), and finally delete the row after a file is deleted (delete). However, I am facing a lot of problems, since even an action that looks as simple as saving generates a lot of inotifywait messages. Observe the following commands and their output (note: /home/user/ is used purely as an example):

Examples:

Example 1: Listen to the creation of the file:

$ inotifywait -mr /home/user/ -e create  --format %w:%f:%e:%T --timefmt %T

Touch:

$ touch test.txt
/home/user/:test.txt:CREATE:21:35:30

Open a new file with vim, then run the command :w:

$ vim test2.txt
/home/user/:test2.txt:CREATE:21:35:30

vim, :w:

$ vim test2.txt
/home/user/:4913:CREATE:21:35:30
/home/user/:test2.txt:CREATE:21:35:30

gedit, save:

$ gedit test3.txt
/home/user/:test3.txt~:CREATE:21:35:30

gedit, save:

$ gedit test3.txt
/home/user/:.goutputstream-HN3ZDW:CREATE:21:35:30
/home/user/:test3.txt~:CREATE:21:35:30

, ben (4913 .goutputstream-HN3ZDW), , test3.txt~ test3.txt, test3.txt ls. , .

1: , , :

$ inotifywait -mr /home/user/ -e create -e modify -e delete -e moved_to -e moved_from --format %w:%f:%e:%T --timefmt %T

Touch:

$ touch test.txt
/home/user/:test.txt:CREATE:21:35:30

vim, :w:

$ vim test2.txt
/home/user/:test2.txt:CREATE:22:12:32

vim, :w:

$ vim test2.txt
/home/user/:4913:CREATE:22:04:35
/home/user/:4913:DELETE:22:04:35
/home/user/:test2.txt:MOVED_FROM:22:04:35
/home/user/:test2.txt~:MOVED_TO:22:04:35
/home/user/:test2.txt:CREATE:22:04:35
/home/user/:test2.txt~:DELETE:22:04:35

gedit, save:

$ gedit test3.txt
/home/user/:test3.txt~:CREATE:21:35:30

gedit, save:

$ gedit test3.txt
/home/user/:.goutputstream-0WQ2DW:CREATE:22:06:34
/home/user/:test3.txt~:CREATE:22:06:34
/home/user/:.goutputstream-0WQ2DW:MOVED_FROM:22:06:34
/home/user/:test3.txt:MOVED_TO:22:06:34

: " inotify "? , , , , , . , .

+3
1

inotify , , .

Gedit, , , , . . Vim ( , - . inode vi?): , .

, , . --, , create-move-create, vim, . , .

, , , , . , , : loggedfs . , ( , ), , copyfs. , , mysqlfs postgresqlfs (, ).

+2
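
An added example (not part of the original question or answer): one way to reduce the event bursts shown in the question to net database actions, by parsing the `%w:%f:%e:%T` lines and dropping files that appear and vanish within one save. The function names, the "upsert"/"delete" action labels and the rule that a burst is a run of lines with the same timestamp are assumptions made for this sketch.

```python
from itertools import groupby

APPEAR = {"CREATE", "MOVED_TO"}    # path exists after the event
VANISH = {"DELETE", "MOVED_FROM"}  # path is gone after the event

def parse(line):
    """Split one '%w:%f:%e:%T' line into (path, events, 'HH:MM:SS')."""
    head, events, hh, mm, ss = line.strip().rsplit(":", 4)
    # %w always ends in '/', and a file name cannot contain '/', so the
    # last '/:' is the directory/name boundary even if the name has ':'.
    directory, _, name = head.rpartition("/:")
    return f"{directory}/{name}", set(events.split(",")), f"{hh}:{mm}:{ss}"

def coalesce(lines):
    """Return net (time, action, path) tuples, one burst per timestamp."""
    actions = []
    records = map(parse, filter(str.strip, lines))
    for stamp, burst in groupby(records, key=lambda rec: rec[2]):
        state = {}  # path -> [existed before the burst, exists now]
        for path, events, _ in burst:
            if events & APPEAR:
                state.setdefault(path, [False, True])[1] = True
            elif events & VANISH:
                state.setdefault(path, [True, False])[1] = False
            elif events & {"MODIFY", "ATTRIB"}:
                state.setdefault(path, [True, True])
        for path, (before, now) in state.items():
            if now:       # inotify cannot tell new from overwritten
                actions.append((stamp, "upsert", path))
            elif before:  # was there before the burst, gone after it
                actions.append((stamp, "delete", path))
            # neither: a temp file such as 4913, nothing to record
    return actions

# Event lines copied from the second listing in the question.
SAMPLE = """/home/user/:test.txt:CREATE:21:35:30
/home/user/:4913:CREATE:22:04:35
/home/user/:4913:DELETE:22:04:35
/home/user/:test2.txt:MOVED_FROM:22:04:35
/home/user/:test2.txt~:MOVED_TO:22:04:35
/home/user/:test2.txt:CREATE:22:04:35
/home/user/:test2.txt~:DELETE:22:04:35
/home/user/:.goutputstream-0WQ2DW:CREATE:22:06:34
/home/user/:test3.txt~:CREATE:22:06:34
/home/user/:.goutputstream-0WQ2DW:MOVED_FROM:22:06:34
/home/user/:test3.txt:MOVED_TO:22:06:34""".splitlines()

if __name__ == "__main__":
    for action in coalesce(SAMPLE):
        print(*action)
```

Grouping by identical timestamp only works at one-second resolution; a long-running watcher would flush a burst after a short quiet period instead.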
