We had a problem occur last week where one on the critical files on our web server was changed and broke links on the main page. I was able to fix the problem and determine when and where the problem occurred in the file, but I don’t know of any place in Windows 2000 server that would tell me who modified a file last. One person I spoke to seems to think this is possible in either Unix or Linux, but others I spoke to say it is not. They say you can only determine who had permissions to change the file, but not who actually changed it. Do you know if this is correct?
This occurs occasionally and is not done by people with a lot of computer expertise so they typically would be doing this by accident, not intentionally, and the user would not be trying to hide what they did. Unfortunately, no one seems to want to admit they caused the problem. My interest is getting the problem narrowed down and getting the person some training so they don't do it again.