Solved

How do I determine who last accessed a file and when in a unix environment?

Posted on 2014-04-16
6
570 Views
Last Modified: 2016-02-13
We are moving to a new SAS environment and need to restrict file access in the new environment.  We would like to be able to determine file security based on the last time someone has accessed a file/dataset.  The command ls -atime will provide us with the last access time.  However, it does not provide us with WHO last accessed the file.   At this point, we are surveying all our users which is not practical since we have a significant number of users and files.  

Any help would be appreciated!
0
Comment
Question by:tammymorse
6 Comments
 
LVL 47

Expert Comment

by:dlethe
ID: 40004085
You can't.  The file system only has timestamps relating to last access, not user information. If you want to do this, then you'll need to install some software that monitors such things at the kernel level.

That software is O/S and filesystem dependent, and sometimes it is not free.
0
 
LVL 47

Expert Comment

by:dlethe
ID: 40004096
How about setting up some sort of mandatory script that people must use to access a data set.  Maybe encrypt the dataset so they don't know the password, so the only way to get to it is to run a script that logs the action as a precursor to unlocking it with a hidden password they can't see that is stored in the host computer in a place they can't read)

(I have no idea if  SAS will allow this, just trying to tell you that you'll have to think outside the box to limit access, rather than log access).
0
 
LVL 37

Assisted Solution

by:Gerwin Jansen
Gerwin Jansen earned 250 total points
ID: 40004409
Can you share how your environment is setup?

Do you have users, groups and folders per deparment / project / team or some sort of folder structure? Any security setup to prevent unauthorized users from accessing certain folders?

You could start by setting up new folders on the SAS environment and assign 'owners' for each folder that are allowed to grant access to other users for that particular folder.
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 

Author Comment

by:tammymorse
ID: 40004483
It appears I have to think outside the box.
0
 
LVL 27

Accepted Solution

by:
serialband earned 250 total points
ID: 40004874
You can install auditting.  If you have a redhat linux variant:

yum install audit
chkconfig auditd on

auditctl -w /PATH/TO/FILE -k KEY


from http://www.cyberciti.biz/tips/linux-audit-files-to-see-who-made-changes-to-a-file.html

Suse has examples too: https://www.suse.com/documentation/sled11/singlehtml/audit_quickstart/audit_quickstart.html

Debian, Ubuntu, Mint: http://xmodulo.com/2013/05/how-to-monitor-file-access-on-linux.html
0
 
LVL 4

Expert Comment

by:popesy
ID: 40006172
What's your OS tammymorse?

It's relatively straight forward on AIX.  

I can help with that if you're still needing it.

Cheers, JP.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now