Solved

How do I determine who last accessed a file and when in a unix environment?

Posted on 2014-04-16
6
583 Views
Last Modified: 2016-02-13
We are moving to a new SAS environment and need to restrict file access in the new environment.  We would like to be able to determine file security based on the last time someone has accessed a file/dataset.  The command ls -atime will provide us with the last access time.  However, it does not provide us with WHO last accessed the file.   At this point, we are surveying all our users which is not practical since we have a significant number of users and files.  

Any help would be appreciated!
0
Comment
Question by:tammymorse
6 Comments
 
LVL 47

Expert Comment

by:dlethe
ID: 40004085
You can't.  The file system only has timestamps relating to last access, not user information. If you want to do this, then you'll need to install some software that monitors such things at the kernel level.

That software is O/S and filesystem dependent, and sometimes it is not free.
0
 
LVL 47

Expert Comment

by:dlethe
ID: 40004096
How about setting up some sort of mandatory script that people must use to access a data set.  Maybe encrypt the dataset so they don't know the password, so the only way to get to it is to run a script that logs the action as a precursor to unlocking it with a hidden password they can't see that is stored in the host computer in a place they can't read)

(I have no idea if  SAS will allow this, just trying to tell you that you'll have to think outside the box to limit access, rather than log access).
0
 
LVL 37

Assisted Solution

by:Gerwin Jansen
Gerwin Jansen earned 250 total points
ID: 40004409
Can you share how your environment is setup?

Do you have users, groups and folders per deparment / project / team or some sort of folder structure? Any security setup to prevent unauthorized users from accessing certain folders?

You could start by setting up new folders on the SAS environment and assign 'owners' for each folder that are allowed to grant access to other users for that particular folder.
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 

Author Comment

by:tammymorse
ID: 40004483
It appears I have to think outside the box.
0
 
LVL 28

Accepted Solution

by:
serialband earned 250 total points
ID: 40004874
You can install auditting.  If you have a redhat linux variant:

yum install audit
chkconfig auditd on

auditctl -w /PATH/TO/FILE -k KEY


from http://www.cyberciti.biz/tips/linux-audit-files-to-see-who-made-changes-to-a-file.html

Suse has examples too: https://www.suse.com/documentation/sled11/singlehtml/audit_quickstart/audit_quickstart.html

Debian, Ubuntu, Mint: http://xmodulo.com/2013/05/how-to-monitor-file-access-on-linux.html
0
 
LVL 4

Expert Comment

by:popesy
ID: 40006172
What's your OS tammymorse?

It's relatively straight forward on AIX.  

I can help with that if you're still needing it.

Cheers, JP.
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Data breaches are on the rise, and companies are preparing by boosting their cybersecurity budgets. According to the Cybersecurity Market Report (http://www.cybersecurityventures.com/cybersecurity-market-report), worldwide spending on cybersecurity …
Each year, investment in cloud platforms grows more than 20% (https://www.immun.io/hubfs/Immunio_2016/Content/Marketing/Cloud-Security-Report-2016.pdf?submissionGuid=a8d80a00-6fee-4b85-81db-a4e28f681762) as an increasing number of companies begin to…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question