0

Hello, I need a little bit of help, please:

I have an exercise I want to do. It is:

Create a script to monitor a DIRECTORY and for every file's creation append a new line in a register_file showing the date and hour, file's name and the name of the user who created the file.

I have tried:

inotifywait -m  -e create -o register_file --timefmt '%d-%m-%Y-%H:%M' --format '%T %f' ./

But how can I discover the user's name?

Thank you.

My first intuition would be to look in /proc. I have studied man inotifywait, inotifywatch and incron, but nothing helps.

Yone
  • 219
  • Please explain why using ls -l or stat -f "%u" or stat -f "%Su" doesn't suit you. Or do you want to do everything by inotifywait? – Fedor Dikarev Dec 10 '16 at 10:42
  • Inotify can only tell you the name of the file that was created, not who created it. You can use Linux auditing to log who created a file. – Mark Plotnick Dec 10 '16 at 15:49

2 Answers

1

Disclaimer:
Not by any means an expert at inotify, I saw this as an opportunity to actually learn something new. With that out of the way, here is my approach:

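#!/bin/bash

watchedDir="toWatch"

# Each event line looks like: "toWatch/ CREATE a_file"
inotifywait -m "$watchedDir" -e create |
    while read -r file; do
        fileName=${file/* CREATE /}    # keep only the file name
        # stat the created file itself; %U is its owner, %y its modification time
        name=$(stat --format %U "$watchedDir/$fileName" 2>/dev/null)
        date=$(stat --format %y "$watchedDir/$fileName" 2>/dev/null)
        echo "File: '$fileName' Creator: $name Date: ${date%.*}"
    done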

Upon execution:

./watchDir.sh 
Setting up watches.
Watches established.

When I add a file to the directory toWatch from another terminal:

touch toWatch/a_file

...this is the output I get:

./watchDir.sh 
Setting up watches.
Watches established.
File: 'a_file' Creator: maulinglawns Date: 2016-12-10 12:29:42

And, adding another file...

touch toWatch/another_file

Gives...

./watchDir.sh 
Setting up watches.
Watches established.
File: 'a_file' Creator: maulinglawns Date: 2016-12-10 12:29:42
File: 'another_file' Creator: maulinglawns Date: 2016-12-10 12:31:15

Of course, if you want the output redirected to a file, you will have to implement that part.

This is based on @jasonwryan's post here. But I haven't figured out the --format option for inotifywait yet. It's on my TODO list, therefore I choose to use stat instead.

  • just add >> output_file after the "echo" and that's what he wanted – I-V Dec 10 '16 at 13:54
  • @I-V Yes, but I believe OP can handle that part. –  Dec 10 '16 at 13:57
  • I have learned what '-r' means as an option in a while read statement: it means do not allow backslashes to escape any character. I think it is needed because file will contain them and bash could misunderstand those. Also, ${file/* CREATE /} means remove whatever goes beyond whatever CREATE, in the file string, replacing it with the empty string. Finally, I suppose ${date%.*} means to remove the shortest match from the back of date. – Yone Dec 12 '16 at 10:27
0

Here is a bash script which you can run and which will give you the owner. Instead of echoing the owner you can write it to the register_file.

#!/bin/bash

fCreation=$(tail -1 ./register_file) # get the newest file creation record
fName=${fCreation##* } # get the last word, which is the file name

# ls -l line for that file (fixed-string match, first hit only)
details=$(ls -al | grep -F -- "$fName" | head -n 1)

# ls -l fields: permissions, link count, owner, group, ...
# read splits on runs of whitespace, so column padding does not matter
read -r _ _ owner _ <<< "$details"

echo "$owner"

Actually, if you use stat --format=%U $fName you will get the owner easily.

EDIT:

From man 7 inotify:

"Limitations and caveats: The inotify API provides no information about the user or process that triggered the inotify event."

I-V
  • 235
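
The Linux auditing approach suggested in the comments, as an added example that is not part of the original thread: unlike stat, which reports whoever owns the file when it is queried, the audit record carries the uid of the process that made the creating system call. The rule key dirwatch, the directory path and the sample records are assumptions constructed for illustration, and date -d is the GNU form.

```bash
#!/bin/bash
# Added example. Assumed audit rule (run as root), watching the directory for
# writes and attribute changes and tagging the records with key "dirwatch":
#   auditctl -w /path/to/DIRECTORY -p wa -k dirwatch

# Read raw audit records on stdin and print one register line per created file:
#   DD-MM-YYYY-HH:MM file_name user
audit_to_register() {
    awk '
    {   # all records of one event share msg=audit(EPOCH.millis:SERIAL)
        if (!match($0, /audit\([0-9]+\.[0-9]+:[0-9]+\)/)) next
        id = substr($0, RSTART + 6, RLENGTH - 7)
        split("", f)                           # clear, then parse key=value
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq) f[substr($i, 1, eq - 1)] = substr($i, eq + 1)
        }
    }
    f["type"] == "SYSCALL" { uid[id] = f["uid"]; next }
    f["type"] == "PATH" && f["nametype"] == "CREATE" && (id in uid) {
        name = f["name"]; gsub(/^"|"$/, "", name); sub(/.*\//, "", name)
        ts = id; sub(/\..*/, "", ts)           # whole seconds since the epoch
        print ts, uid[id], name
    }' |
    while read -r ts uid name; do
        user=$(getent passwd "$uid" 2>/dev/null | cut -d: -f1)
        # fall back to the numeric uid when it has no passwd entry
        printf '%s %s %s\n' "$(date -u -d "@$ts" +%d-%m-%Y-%H:%M)" \
            "$name" "${user:-$uid}"
    done
}

# Constructed sample records (shortened), not taken from a real system.
sample_audit_log() {
    cat <<'EOF'
type=SYSCALL msg=audit(1481372982.123:456): syscall=257 success=yes items=2 pid=5678 auid=0 uid=0 comm="touch" exe="/usr/bin/touch" key="dirwatch"
type=PATH msg=audit(1481372982.123:456): item=0 name="toWatch/" nametype=PARENT
type=PATH msg=audit(1481372982.123:456): item=1 name="toWatch/a_file" ouid=0 nametype=CREATE
type=SYSCALL msg=audit(1481373075.456:457): syscall=257 success=yes items=1 pid=5679 auid=0 uid=0 comm="touch" exe="/usr/bin/touch" key="dirwatch"
type=PATH msg=audit(1481373075.456:457): item=0 name="toWatch/a_file" ouid=0 nametype=NORMAL
EOF
}

sample_audit_log | audit_to_register
```

On a live system the input would come from ausearch -k dirwatch --raw. The auid field in the same SYSCALL record holds the login uid, which stays the same across su or sudo.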