Solved

finding which process created a given file

Posted on 2014-01-27
7
1,135 Views
Last Modified: 2014-02-03
Hi,
I ran a cronjob process which runs everyday at a certain time.
It creates some file in a directory.

Suppose i want to know the information other way. I have a file which was created by some process.. How do i find out the process id which created this file ?

Thanks
0
Comment
Question by:Rohit Bajaj
7 Comments
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39811439
You could use audit, if the process still writes to that file of course: http://www.cyberciti.biz/tips/linux-audit-files-to-see-who-made-changes-to-a-file.html
0
 
LVL 22

Expert Comment

by:blu
ID: 39811728
The only way to find out what process made a file that already exists is if it still has the file open (but that may not be definitive since a different process might have opened it after it was created) or if auditing is turned on and there is an existing audit record.

On the other hand, if you know about a file that is repeatedly created, you can probably find the process as it creates it using file notification or the like.

If you really had the reverse situation of a cronjob and you found a file that is created repeatedly, you can often find the culprit by correlating the time of creation with the start time of all the scheduled cronjobs. Most cronjobs are relatively short lived.
0
 
LVL 14

Accepted Solution

by:
comfortjeanius earned 250 total points
ID: 39812109
You can look into:
lsof

Open in new window

Simply typing lsof will provide a list of all open files belonging to all active processes.

List processes which opened a specific file. You can list only the processes which opened a specific file, by providing the filename as arguments.
lsof /var/log/syslog

Open in new window


You can check the man pages for lsof; you also can look into auditctl man pages. This a utility to assist controlling the kernel’s audit system.  Here some examples and example2....
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 37

Assisted Solution

by:Gerwin Jansen, EE MVE
Gerwin Jansen, EE MVE earned 250 total points
ID: 39813576
Process ID's are re-used, I don't know of a way to find what process had created a file once the process isn't there anymore.

I'd just look at the owner of the file and the timestamp when it was created.

If you suspect a cronjob, you could set the output directory read-only. Then the cron-job fails and you will know which job created the file.

Another option would be to have the cron-job create an additional file named <cronjob_name>_<process_id>.log - this would give you cronjob, process id, timestamp.
0
 
LVL 13

Expert Comment

by:Sandy
ID: 39814469
#fuser filename
0
 
LVL 37

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 39815296
@Sandeep - fuser is only applicable when file is in use. It is of no use when the file is closed aleady ("find out the process id which created this file").
0
 
LVL 13

Expert Comment

by:Sandy
ID: 39831687
thanks Gerwin
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Using 'screen' for session sharing, The Simple Edition Step 1: user starts session with command: screen Step 2: other user (logged in with same user account) connects with command: screen -x Done. Both users are connected to the same CLI sessio…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question