finding which process created a given file
Hi,
I ran a cronjob process which runs everyday at a certain time.
It creates some file in a directory.
Suppose i want to know the information other way. I have a file which was created by some process.. How do i find out the process id which created this file ?
Thanks
I ran a cronjob process which runs everyday at a certain time.
It creates some file in a directory.
Suppose i want to know the information other way. I have a file which was created by some process.. How do i find out the process id which created this file ?
Thanks
Zephyr ICT
You could use audit, if the process still writes to that file of course: http://www.cyberciti.biz/tips/linux-audit-files-to-see-who-made-changes-to-a-file.html
The only way to find out what process made a file that already exists is if it still has the file open (but that may not be definitive since a different process might have opened it after it was created) or if auditing is turned on and there is an existing audit record.
On the other hand, if you know about a file that is repeatedly created, you can probably find the process as it creates it using file notification or the like.
If you really had the reverse situation of a cronjob and you found a file that is created repeatedly, you can often find the culprit by correlating the time of creation with the start time of all the scheduled cronjobs. Most cronjobs are relatively short lived.
On the other hand, if you know about a file that is repeatedly created, you can probably find the process as it creates it using file notification or the like.
If you really had the reverse situation of a cronjob and you found a file that is created repeatedly, you can often find the culprit by correlating the time of creation with the start time of all the scheduled cronjobs. Most cronjobs are relatively short lived.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
#fuser filename
@Sandeep - fuser is only applicable when file is in use. It is of no use when the file is closed aleady ("find out the process id which created this file").
thanks Gerwin