Solved

finding which process created a given file

Posted on 2014-01-27
7
1,168 Views
Last Modified: 2014-02-03
Hi,
I ran a cronjob process which runs everyday at a certain time.
It creates some file in a directory.

Suppose i want to know the information other way. I have a file which was created by some process.. How do i find out the process id which created this file ?

Thanks
0
Comment
Question by:Rohit Bajaj
7 Comments
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39811439
You could use audit, if the process still writes to that file of course: http://www.cyberciti.biz/tips/linux-audit-files-to-see-who-made-changes-to-a-file.html
0
 
LVL 22

Expert Comment

by:blu
ID: 39811728
The only way to find out what process made a file that already exists is if it still has the file open (but that may not be definitive since a different process might have opened it after it was created) or if auditing is turned on and there is an existing audit record.

On the other hand, if you know about a file that is repeatedly created, you can probably find the process as it creates it using file notification or the like.

If you really had the reverse situation of a cronjob and you found a file that is created repeatedly, you can often find the culprit by correlating the time of creation with the start time of all the scheduled cronjobs. Most cronjobs are relatively short lived.
0
 
LVL 14

Accepted Solution

by:
comfortjeanius earned 250 total points
ID: 39812109
You can look into:
lsof

Open in new window

Simply typing lsof will provide a list of all open files belonging to all active processes.

List processes which opened a specific file. You can list only the processes which opened a specific file, by providing the filename as arguments.
lsof /var/log/syslog

Open in new window


You can check the man pages for lsof; you also can look into auditctl man pages. This a utility to assist controlling the kernel’s audit system.  Here some examples and example2....
0
Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

 
LVL 38

Assisted Solution

by:Gerwin Jansen, EE MVE
Gerwin Jansen, EE MVE earned 250 total points
ID: 39813576
Process ID's are re-used, I don't know of a way to find what process had created a file once the process isn't there anymore.

I'd just look at the owner of the file and the timestamp when it was created.

If you suspect a cronjob, you could set the output directory read-only. Then the cron-job fails and you will know which job created the file.

Another option would be to have the cron-job create an additional file named <cronjob_name>_<process_id>.log - this would give you cronjob, process id, timestamp.
0
 
LVL 13

Expert Comment

by:Sandy
ID: 39814469
#fuser filename
0
 
LVL 38

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 39815296
@Sandeep - fuser is only applicable when file is in use. It is of no use when the file is closed aleady ("find out the process id which created this file").
0
 
LVL 13

Expert Comment

by:Sandy
ID: 39831687
thanks Gerwin
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Java performance on Solaris - Managing CPUs There are various resource controls in operating system which directly/indirectly influence the performance of application. one of the most important resource controls is "CPU".   In a multithreaded…
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question