Solved

How do I determine who last accessed a file and when in a unix environment?

Posted on 2014-04-16
6
578 Views
Last Modified: 2016-02-13
We are moving to a new SAS environment and need to restrict file access in the new environment.  We would like to be able to determine file security based on the last time someone has accessed a file/dataset.  The command ls -atime will provide us with the last access time.  However, it does not provide us with WHO last accessed the file.   At this point, we are surveying all our users which is not practical since we have a significant number of users and files.  

Any help would be appreciated!
0
Comment
Question by:tammymorse
6 Comments
 
LVL 47

Expert Comment

by:dlethe
ID: 40004085
You can't.  The file system only has timestamps relating to last access, not user information. If you want to do this, then you'll need to install some software that monitors such things at the kernel level.

That software is O/S and filesystem dependent, and sometimes it is not free.
0
 
LVL 47

Expert Comment

by:dlethe
ID: 40004096
How about setting up some sort of mandatory script that people must use to access a data set.  Maybe encrypt the dataset so they don't know the password, so the only way to get to it is to run a script that logs the action as a precursor to unlocking it with a hidden password they can't see that is stored in the host computer in a place they can't read)

(I have no idea if  SAS will allow this, just trying to tell you that you'll have to think outside the box to limit access, rather than log access).
0
 
LVL 37

Assisted Solution

by:Gerwin Jansen
Gerwin Jansen earned 250 total points
ID: 40004409
Can you share how your environment is setup?

Do you have users, groups and folders per deparment / project / team or some sort of folder structure? Any security setup to prevent unauthorized users from accessing certain folders?

You could start by setting up new folders on the SAS environment and assign 'owners' for each folder that are allowed to grant access to other users for that particular folder.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:tammymorse
ID: 40004483
It appears I have to think outside the box.
0
 
LVL 28

Accepted Solution

by:
serialband earned 250 total points
ID: 40004874
You can install auditting.  If you have a redhat linux variant:

yum install audit
chkconfig auditd on

auditctl -w /PATH/TO/FILE -k KEY


from http://www.cyberciti.biz/tips/linux-audit-files-to-see-who-made-changes-to-a-file.html

Suse has examples too: https://www.suse.com/documentation/sled11/singlehtml/audit_quickstart/audit_quickstart.html

Debian, Ubuntu, Mint: http://xmodulo.com/2013/05/how-to-monitor-file-access-on-linux.html
0
 
LVL 4

Expert Comment

by:popesy
ID: 40006172
What's your OS tammymorse?

It's relatively straight forward on AIX.  

I can help with that if you're still needing it.

Cheers, JP.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now