how to find which process had created any file in Linux

linux centos filesystems
9,171

Solution 1

If you don't have any process that monitors these changes/creations than you have no way to know which process actually created a file or did anything.

This link may help you start with files auditing : Linux audit files to see who made changes to a file

In case you are a programmer you may be interested in "Monitor Linux file system events with inotify"

Solution 2

No. You can only monitor future file creation by using the auditing subsystem.

Share:
9,171
P7oKhom
Author by

P7oKhom

Updated on September 18, 2022

Comments

  • P7oKhom
    P7oKhom over 1 year

    Is there any way to know which process had created any file in Linux Red Hat/CentOS 5?

  • user1686
    user1686 about 13 years
    inotify doesn't give the process ID; you would need to use fanotify for that.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Cannot cleanup ghost mount points
Centos 5.5 [Read-only file system] issue after rebooting
How can I increase space on the Filesystem linux?
How can I get CentOS 5 to recognize an increase in drive space on my VM?
The XFS filesystem is broken in RHEL/CentOS 6.x - What can I do about it?
Why are my XFS filesystems suddenly consuming more space and full of sparse files?
Where is ACL data technically stored?
mv: cannot move "home" to "home-old": Device or resource busy
How are ACL permissions processed and in what order do they apply to a given user action?
What happens when I truncate a file that is in use?