How to know which process is changing a file in linux

4.7k Views Asked by RMK At 09 July 2017 at 17:52

I'm using an automation tool to build a virtual machine. During the this automation a config file (/etc/myprogram/cofig.ini) is becoming empty.

This file's contents are required complete the automation, but I'm clueless which process is emptying the file.

I want to monitor a file and list the name of processes changed the contents of the file.

I'm using Ubuntu 16.04.

I saw some questions in Stackoverflow but did help. I tried to use audictl inotify and watchdog . Please let me know any better way to do this. Is there a way to do this using python.

Original Q&A

There are 2 best solutions below

Jack On 09 July 2017 at 17:57

The lsof command will show what processes are using which files:

lsof | grep <filename>

omid abbasi On 09 July 2017 at 18:36

you can use lsof. this command is for find out what processes currently have the file open. if process opening the file, writing to it, and then closing it you can use auditing.

/sbin/auditctl -w /etc/myprogram/cofig.ini -p war -k config.ini-file

-w watch etc/myprogram/cofig.ini
-p warx watch for write, attribute change, execute or read events
-k config.ini-file is a search key.

wait till the file change then use

/sbin/ausearch -f /etc/myprogram/cofig.ini | more

How to know which process is changing a file in linux

There are 2 best solutions below

Related Questions in LINUX

Related Questions in BASH

Related Questions in INOTIFY

Related Questions in PYINOTIFY

Trending Questions

Popular # Hahtags

Popular Questions