0

Hello I need a little bit of help, please:

I have an exercise I want to do. It is:

Create a script to monitor a DIRECTORY and for every file's creation append a new line in a register_file showing the date and hour, file's name and the name of the user who created the file.

I have tried:

inotifywait -m -e create -o register_file --timefmt '%d-%m-%Y-%H:%M' --format '%T %f' ./ 

But how can I discover user's name?

Thank you.

My first intuition would be to look at /proc. I have studied the man pages for inotifywait, inotifywatch and incron, but nothing helps.

2
  • Please explain why using ls -l or stat -f "%u" or stat -f "%Su" doesn't suit you. Or do you want to do everything by inotifywait? Commented Dec 10, 2016 at 10:42
  • Inotify can only tell you the name of the file that was created, not who created it. You can use Linux auditing to log who created a file. Commented Dec 10, 2016 at 15:49

2 Answers

1

Disclaimer:
Not by any means an expert at inotify, I saw this as an opportunity to actually learn something new. With that out of the way, here is my approach:

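    #!/bin/bash
    watchedDir="toWatch"

    inotifywait -m "$watchedDir" -e create |
    while read -r file; do
        # Each event line looks like "toWatch/ CREATE a_file"; keep only the file name
        fileName=${file/* CREATE /}
        # stat the new file itself (quoted), not the words of the event line
        name=$(stat --format %U "$watchedDir/$fileName" 2>/dev/null)
        date=$(stat --format %y "$watchedDir/$fileName" 2>/dev/null)
        echo "File: '$fileName' Creator: $name Date: ${date%.*}"
    done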

Upon execution:

    ./watchDir.sh
    Setting up watches.
    Watches established.

When I add a file to the directory toWatch from another terminal:

touch toWatch/a_file 

...this is the output I get:

    ./watchDir.sh
    Setting up watches.
    Watches established.
    File: 'a_file' Creator: maulinglawns Date: 2016-12-10 12:29:42

And, adding another file...

touch toWatch/another_file 

Gives...

    ./watchDir.sh
    Setting up watches.
    Watches established.
    File: 'a_file' Creator: maulinglawns Date: 2016-12-10 12:29:42
    File: 'another_file' Creator: maulinglawns Date: 2016-12-10 12:31:15

Of course, if you want the output redirected to a file, you will have to implement that part.

This is based on @jasonwryan's post here. But I haven't figured out the --format option for inotifywait yet. It's on my TODO list, therefore I choose to use stat instead.

3
  • just add >> output_file after the "echo" and that's what he wanted Commented Dec 10, 2016 at 13:54
  • @I-V Yes, but I believe OP can handle that part. Commented Dec 10, 2016 at 13:57
  • I have learned what '-r' means as an option in a while read statement: do not allow backslashes to escape any character. I think it is needed because file will contain them and bash could misunderstand those. Also, ${file/* CREATE /} means remove whatever goes beyond whatever CREATE, in the file string, replacing it with the empty string. Finally, I suppose ${date%.*} means to remove the shortest match from the back of date. Commented Dec 12, 2016 at 10:27
0

Here is a bash script which you can run and will give you the owner. Instead of echoing the owner you can write it to the register_file

    #! /bin/bash
    fCreation=$(tail -1 ./register_file)   # get the newest file creation documentation
    fName=${fCreation##* }                 # get the last word, which is the file name
    # squeeze repeated spaces so that ls column padding does not shift the fields
    details=$(ls -al | grep -F -- "$fName" | tr -s ' ')
    owner=${details#* }                    # removes the file's permissions
    owner=${owner#* }                      # removes the link count
    owner=${owner%% *}                     # keeps the next word, which is the owner
    echo "$owner"

Actually, if you use stat --format=%U $fName you will get the owner easily.

EDIT:

From man 7 inotify:

"Limitations and caveats - The inotify API provides no information about the user or process that triggered the inotify event."

2
  • 1
    Breaks if you have a filename that contains a space. (Lots of mine do.) Commented Dec 10, 2016 at 12:17
  • so parse it as I parsed the owner... remove all the words before the filename Commented Dec 10, 2016 at 12:20
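
Added example, not part of either answer above: a register script for the exercise that asks inotifywait for the full path with `--format '%w%f'`, so file names with spaces survive, and records `?` when the file is gone before stat runs. The names `register_line`, `watch_dir` and `REGISTER` are assumptions made for this sketch; it needs inotify-tools and a stat that supports `-c`. The user written is the file's owner at the moment stat runs, since inotify itself reports no user.

```shell
#!/bin/bash
# Added example: the function and variable names are hypothetical, not from the thread.

REGISTER=${REGISTER:-register_file}

# Print one register line for a path: "DD-MM-YYYY-HH:MM <file name> <owner>".
# The owner comes from the inode, read after the event was delivered, so it is
# the creator only as long as nobody has run chown or replaced the file since.
register_line() {
    local path owner when
    path=$1
    # The file may already be deleted when we get here; record "?" instead of
    # writing a line with an empty owner field.
    owner=$(stat -c '%U' -- "$path" 2>/dev/null) || owner='?'
    when=$(date '+%d-%m-%Y-%H:%M')
    printf '%s %s %s\n' "$when" "${path##*/}" "$owner"
}

# Watch a directory and append one line per created file to $REGISTER.
watch_dir() {
    local dir path
    dir=$1
    # %w%f prints the watched directory followed by the file name, one event
    # per line. Names containing spaces are kept intact; names containing a
    # newline would still be split across two reads.
    inotifywait -m -q -e create --format '%w%f' "$dir" |
    while IFS= read -r path; do
        register_line "$path" >> "$REGISTER"
    done
}

# Start watching only when a directory is given: ./register.sh DIRECTORY
if [ "$#" -gt 0 ]; then
    watch_dir "$1"
fi
```
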
