Solved

How do I determine who last accessed a file and when in a unix environment?

Posted on 2014-04-16
6
585 Views
Last Modified: 2016-02-13
We are moving to a new SAS environment and need to restrict file access in the new environment.  We would like to be able to determine file security based on the last time someone has accessed a file/dataset.  The command ls -atime will provide us with the last access time.  However, it does not provide us with WHO last accessed the file.   At this point, we are surveying all our users which is not practical since we have a significant number of users and files.  

Any help would be appreciated!
0
Comment
Question by:tammymorse
6 Comments
 
LVL 47

Expert Comment

by:dlethe
ID: 40004085
You can't.  The file system only has timestamps relating to last access, not user information. If you want to do this, then you'll need to install some software that monitors such things at the kernel level.

That software is O/S and filesystem dependent, and sometimes it is not free.
0
 
LVL 47

Expert Comment

by:dlethe
ID: 40004096
How about setting up some sort of mandatory script that people must use to access a data set.  Maybe encrypt the dataset so they don't know the password, so the only way to get to it is to run a script that logs the action as a precursor to unlocking it with a hidden password they can't see that is stored in the host computer in a place they can't read)

(I have no idea if  SAS will allow this, just trying to tell you that you'll have to think outside the box to limit access, rather than log access).
0
 
LVL 38

Assisted Solution

by:Gerwin Jansen, EE MVE
Gerwin Jansen, EE MVE earned 250 total points
ID: 40004409
Can you share how your environment is setup?

Do you have users, groups and folders per deparment / project / team or some sort of folder structure? Any security setup to prevent unauthorized users from accessing certain folders?

You could start by setting up new folders on the SAS environment and assign 'owners' for each folder that are allowed to grant access to other users for that particular folder.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 

Author Comment

by:tammymorse
ID: 40004483
It appears I have to think outside the box.
0
 
LVL 29

Accepted Solution

by:
serialband earned 250 total points
ID: 40004874
You can install auditting.  If you have a redhat linux variant:

yum install audit
chkconfig auditd on

auditctl -w /PATH/TO/FILE -k KEY


from http://www.cyberciti.biz/tips/linux-audit-files-to-see-who-made-changes-to-a-file.html

Suse has examples too: https://www.suse.com/documentation/sled11/singlehtml/audit_quickstart/audit_quickstart.html

Debian, Ubuntu, Mint: http://xmodulo.com/2013/05/how-to-monitor-file-access-on-linux.html
0
 
LVL 4

Expert Comment

by:popesy
ID: 40006172
What's your OS tammymorse?

It's relatively straight forward on AIX.  

I can help with that if you're still needing it.

Cheers, JP.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this increasingly digital world, security hacks are no longer just a threat, but a reality. As we've witnessed with Target's big identity hack 2013, Heartbleed in 2015, and now Cloudbleed, companies and their leaders need to prepare for the unthi…
OnPage: Incident management and secure messaging on your smartphone
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question