Return to Revisions

2 of 3

formatting

edited Sep 25, 2011 at 3:53

74.9k
35
204
230

How to trace that what had "chmod 640"'ed the "/etc/passwd" file?

On AIX 6100-05-02-1034, something is frequently changing the permissions of the /etc/passwd file to 640. That's bad...

How could I trace that what is chmoding the file? There is no history 1000 | fgrep -i chown, I think a process is chmoding the file, but which one? dtrace can do this? it's not on AIX

aix

asked Sep 25, 2011 at 3:22

LanceBaynes

41.6k
101
256
355