?
Solved

finding which process created a given file

Posted on 2014-01-27
7
Medium Priority
?
1,309 Views
Last Modified: 2014-02-03
Hi,
I ran a cronjob process which runs everyday at a certain time.
It creates some file in a directory.

Suppose i want to know the information other way. I have a file which was created by some process.. How do i find out the process id which created this file ?

Thanks
0
Comment
Question by:Rohit Bajaj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39811439
You could use audit, if the process still writes to that file of course: http://www.cyberciti.biz/tips/linux-audit-files-to-see-who-made-changes-to-a-file.html
0
 
LVL 22

Expert Comment

by:blu
ID: 39811728
The only way to find out what process made a file that already exists is if it still has the file open (but that may not be definitive since a different process might have opened it after it was created) or if auditing is turned on and there is an existing audit record.

On the other hand, if you know about a file that is repeatedly created, you can probably find the process as it creates it using file notification or the like.

If you really had the reverse situation of a cronjob and you found a file that is created repeatedly, you can often find the culprit by correlating the time of creation with the start time of all the scheduled cronjobs. Most cronjobs are relatively short lived.
0
 
LVL 14

Accepted Solution

by:
comfortjeanius earned 1000 total points
ID: 39812109
You can look into:
lsof

Open in new window

Simply typing lsof will provide a list of all open files belonging to all active processes.

List processes which opened a specific file. You can list only the processes which opened a specific file, by providing the filename as arguments.
lsof /var/log/syslog

Open in new window


You can check the man pages for lsof; you also can look into auditctl man pages. This a utility to assist controlling the kernel’s audit system.  Here some examples and example2....
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 38

Assisted Solution

by:Gerwin Jansen, EE MVE
Gerwin Jansen, EE MVE earned 1000 total points
ID: 39813576
Process ID's are re-used, I don't know of a way to find what process had created a file once the process isn't there anymore.

I'd just look at the owner of the file and the timestamp when it was created.

If you suspect a cronjob, you could set the output directory read-only. Then the cron-job fails and you will know which job created the file.

Another option would be to have the cron-job create an additional file named <cronjob_name>_<process_id>.log - this would give you cronjob, process id, timestamp.
0
 
LVL 13

Expert Comment

by:Sandy
ID: 39814469
#fuser filename
0
 
LVL 38

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 39815296
@Sandeep - fuser is only applicable when file is in use. It is of no use when the file is closed aleady ("find out the process id which created this file").
0
 
LVL 13

Expert Comment

by:Sandy
ID: 39831687
thanks Gerwin
0

Featured Post

Video: Liquid Web Managed WordPress Comparisons

If you run run a WordPress, you understand the potential headaches you may face when updating your plugins and themes. Do you choose to update on the fly and risk taking down your site; or do you set up a staging, keep it in sync with your live site and use that to test updates?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction We as admins face situation where we need to redirect websites to another. This may be required as a part of an upgrade keeping the old URL but website should be served from new URL. This document would brief you on different ways ca…
Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses
Course of the Month14 days, 23 hours left to enroll

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question