Solved

How do I determine who last accessed a file and when in a unix environment?

Posted on 2014-04-16
6
587 Views
Last Modified: 2016-02-13
We are moving to a new SAS environment and need to restrict file access in the new environment.  We would like to be able to determine file security based on the last time someone has accessed a file/dataset.  The command ls -atime will provide us with the last access time.  However, it does not provide us with WHO last accessed the file.   At this point, we are surveying all our users which is not practical since we have a significant number of users and files.  

Any help would be appreciated!
0
Comment
Question by:tammymorse
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 47

Expert Comment

by:dlethe
ID: 40004085
You can't.  The file system only has timestamps relating to last access, not user information. If you want to do this, then you'll need to install some software that monitors such things at the kernel level.

That software is O/S and filesystem dependent, and sometimes it is not free.
0
 
LVL 47

Expert Comment

by:dlethe
ID: 40004096
How about setting up some sort of mandatory script that people must use to access a data set.  Maybe encrypt the dataset so they don't know the password, so the only way to get to it is to run a script that logs the action as a precursor to unlocking it with a hidden password they can't see that is stored in the host computer in a place they can't read)

(I have no idea if  SAS will allow this, just trying to tell you that you'll have to think outside the box to limit access, rather than log access).
0
 
LVL 38

Assisted Solution

by:Gerwin Jansen, EE MVE
Gerwin Jansen, EE MVE earned 250 total points
ID: 40004409
Can you share how your environment is setup?

Do you have users, groups and folders per deparment / project / team or some sort of folder structure? Any security setup to prevent unauthorized users from accessing certain folders?

You could start by setting up new folders on the SAS environment and assign 'owners' for each folder that are allowed to grant access to other users for that particular folder.
0
Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

 

Author Comment

by:tammymorse
ID: 40004483
It appears I have to think outside the box.
0
 
LVL 29

Accepted Solution

by:
serialband earned 250 total points
ID: 40004874
You can install auditting.  If you have a redhat linux variant:

yum install audit
chkconfig auditd on

auditctl -w /PATH/TO/FILE -k KEY


from http://www.cyberciti.biz/tips/linux-audit-files-to-see-who-made-changes-to-a-file.html

Suse has examples too: https://www.suse.com/documentation/sled11/singlehtml/audit_quickstart/audit_quickstart.html

Debian, Ubuntu, Mint: http://xmodulo.com/2013/05/how-to-monitor-file-access-on-linux.html
0
 
LVL 4

Expert Comment

by:popesy
ID: 40006172
What's your OS tammymorse?

It's relatively straight forward on AIX.  

I can help with that if you're still needing it.

Cheers, JP.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
sftp vs SendThisFile 9 49
Multi Factor Authentication 3 44
Centos 7 DNS server not replying to clients 3 55
Windows 10 Errors 11 70
Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question