Let's say I have a file named "app.log" and I want to find out which process is writing the log, but I have restricted permissions. I have tried the following:

  1. lsof /path/to/file, but I don't have this package and don't have the permission to install it.
  2. loggedfs -l /path/to/log_file -c /path/to/config.xml /path/to/directory tail -f /path/to/log_file, same as the first one, don't have the permission to install this package.
  3. auditctl -w /path/to/file, have this package but missing root permissions to run it.

What would be an alternative way to find out which process is writing the log to a file?

I'm looking for alternative ways because I'm working in an old production environment with some restrictive and weird privileges.

  • You could try to tell us about the log file, maybe someone uses their human experience to recognize it :) Commented May 15, 2024 at 9:16
  • Also, you could just run a locally built lsof; no need to install it. Note that as a non-root user, you have, no matter what you do, very limited insight into what processes that are running as other users are doing. That's a very inherent security feature. Commented May 15, 2024 at 9:17
  • I’m voting to close this question because OP is asking how to perform a privileged operation without privileges - i.e. not possible. Commented May 15, 2024 at 9:20
  • "old" is not an excuse for "not being in control". Someone should have root access - speak to them. If nobody has root access then you have a much more serious problem than described here. Commented May 15, 2024 at 9:37
  • This is not about a "clean way", this is about "absolutely no way, unless you find a very fundamental security flaw in the Linux kernel, that nobody knows about so far" :) I don't think this needs to be closed, with the information given in your comments, we can write a (negative) answer. Commented May 15, 2024 at 9:51

1 Answer

Luckily, what you're trying to do is in principle a rather privileged operation: you're trying to look into other users' (UNIX meaning of the word "user") processes.

So, there's no alternative way, clean or not, to do that without the privileges you need. You'll have to ask someone who has the privileges to do so.
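To make the boundary described in this thread concrete, here is an added example (not part of the original question, comments or answer) of the `/proc` walk that a tool like lsof performs: it lists the processes you are permitted to inspect that hold the file open for writing, and counts the ones hidden from you. The function name `find_writers` and its optional second argument (an alternative proc root, used for testing) are assumptions of this sketch.

```shell
# find_writers TARGET [PROC_ROOT]
# Prints "PID COMM" for every inspectable process that has TARGET open for
# writing, then a final "hidden N" line counting the processes whose
# descriptor table the calling user is not allowed to read.
find_writers() {
    local target proc hidden piddir pid fd link flags
    proc=${2:-/proc}
    hidden=0
    target=$(readlink -f -- "$1") || return 2
    for piddir in "$proc"/[0-9]*; do
        [ -d "$piddir" ] || continue
        pid=${piddir##*/}
        # /proc/PID/fd is readable only by the process owner (and root), so
        # descriptors of other users' processes cannot be listed from here.
        if ! [ -r "$piddir/fd" ]; then
            hidden=$((hidden + 1))
            continue
        fi
        for fd in "$piddir"/fd/*; do
            # Each fd entry is a symlink to the path of the open file.
            link=$(readlink -- "$fd" 2>/dev/null) || continue
            [ "$link" = "$target" ] || continue
            # fdinfo "flags:" holds the open(2) flags in octal; the low two
            # bits are the access mode: 0 O_RDONLY, 1 O_WRONLY, 2 O_RDWR.
            flags=$(awk '/^flags:/ {print $2}' \
                "$piddir/fdinfo/${fd##*/}" 2>/dev/null) || continue
            [ -n "$flags" ] || continue
            if [ $(( 0$flags & 3 )) -ne 0 ]; then
                printf '%s %s\n' "$pid" "$(cat "$piddir/comm" 2>/dev/null)"
                break
            fi
        done
    done
    printf 'hidden %d\n' "$hidden"
}
```

Run as an unprivileged user, a non-zero `hidden` count with no PID line is the expected outcome when the writer belongs to another account; identifying it then requires someone with root, as the answer says.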
