Solved

finding which process created a given file

Posted on 2014-01-27
Last Modified: 2014-02-03
Hi,
I ran a cronjob process which runs every day at a certain time.
It creates some file in a directory.

Suppose I want to know the information the other way. I have a file which was created by some process. How do I find out the process ID which created this file?

Thanks
Question by:Rohit Bajaj
7 Comments
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39811439
You could use audit, if the process still writes to that file of course: http://www.cyberciti.biz/tips/linux-audit-files-to-see-who-made-changes-to-a-file.html
0
 
LVL 22

Expert Comment

by:blu
ID: 39811728
The only way to find out what process made a file that already exists is if it still has the file open (but that may not be definitive since a different process might have opened it after it was created) or if auditing is turned on and there is an existing audit record.

On the other hand, if you know about a file that is repeatedly created, you can probably find the process as it creates it using file notification or the like.

If you really had the reverse situation of a cronjob and you found a file that is created repeatedly, you can often find the culprit by correlating the time of creation with the start time of all the scheduled cronjobs. Most cronjobs are relatively short lived.
0
 
LVL 14

Accepted Solution

by:
comfortjeanius earned 250 total points
ID: 39812109
You can look into:
lsof

Simply typing lsof will provide a list of all open files belonging to all active processes.

List processes which opened a specific file. You can list only the processes which opened a specific file, by providing the filename as arguments.
lsof /var/log/syslog

You can check the man pages for lsof; you can also look into the auditctl man pages. This is a utility to assist controlling the kernel’s audit system. Here are some examples and example2....
0
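As an added example (not part of the original thread): with an audit watch already on the directory, for instance `auditctl -w /data/reports -p wa -k report-dir`, each file creation leaves SYSCALL, CWD and PATH records that share one event ID, and this Python code correlates them to name the creating process. The path, key and log lines are constructed samples, not values from the thread.

```python
import os
import re
from collections import defaultdict

# Constructed sample in audit.log format (not taken from the thread).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1390813201.412:4521): arch=c000003e syscall=2 success=yes exit=3 items=2 ppid=2871 pid=2873 auid=1000 uid=1000 comm="report.sh" exe="/bin/bash" key="report-dir"
type=CWD msg=audit(1390813201.412:4521): cwd="/data/reports"
type=PATH msg=audit(1390813201.412:4521): item=0 name="/data/reports" inode=1311 nametype=PARENT
type=PATH msg=audit(1390813201.412:4521): item=1 name="daily.csv" inode=1342 nametype=CREATE
type=SYSCALL msg=audit(1390813260.007:4530): arch=c000003e syscall=2 success=yes exit=3 items=1 ppid=3001 pid=3010 auid=1001 uid=1001 comm="cat" exe="/bin/cat" key="report-dir"
type=CWD msg=audit(1390813260.007:4530): cwd="/tmp"
type=PATH msg=audit(1390813260.007:4530): item=0 name="/data/reports/daily.csv" inode=1342 nametype=NORMAL
"""

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): ?(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(log_text):
    """Group records by (timestamp, serial); records of one event share both."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            rtype, ts, serial, body = m.groups()
            fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
            events[(float(ts), int(serial))].append((rtype, fields))
    return events

def find_creators(log_text, target):
    """Return one dict per event whose PATH record shows `target` being created."""
    hits = []
    for (ts, serial), records in sorted(parse_events(log_text).items()):
        syscall = next((f for t, f in records if t == "SYSCALL"), None)
        cwd = next((f.get("cwd", "/") for t, f in records if t == "CWD"), "/")
        for rtype, f in records:
            if rtype != "PATH" or f.get("nametype") != "CREATE" or syscall is None:
                continue
            # PATH names may be relative; resolve them against the CWD record.
            full = os.path.normpath(os.path.join(cwd, f.get("name", "")))
            if full == target and syscall.get("success") == "yes":
                hits.append({"time": ts, "serial": serial,
                             **{k: syscall.get(k) for k in ("pid", "ppid", "auid", "comm", "exe")}})
    return hits

if __name__ == "__main__":
    for hit in find_creators(SAMPLE_LOG, "/data/reports/daily.csv"):
        print(hit)
```

On a live system, `ausearch -f <file>` does this lookup against the real audit log. The watch rule has to be in place before the file is created, since no record exists for earlier events.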
 
LVL 38

Assisted Solution

by:Gerwin Jansen, EE MVE
Gerwin Jansen, EE MVE earned 250 total points
ID: 39813576
Process IDs are re-used, I don't know of a way to find what process had created a file once the process isn't there anymore.

I'd just look at the owner of the file and the timestamp when it was created.

If you suspect a cronjob, you could set the output directory read-only. Then the cron-job fails and you will know which job created the file.

Another option would be to have the cron-job create an additional file named <cronjob_name>_<process_id>.log - this would give you cronjob, process id, timestamp.
0
 
LVL 13

Expert Comment

by:Sandy
ID: 39814469
#fuser filename
0
 
LVL 38

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 39815296
@Sandeep - fuser is only applicable when the file is in use. It is of no use when the file is closed already ("find out the process id which created this file").
0
 
LVL 13

Expert Comment

by:Sandy
ID: 39831687
thanks Gerwin
0
