file creation

Status
Not open for further replies.

ac325ci

MIS
Jan 16, 2004
128
US
Is there a way to find out what process created a file?
Something like when you see a core file: you do a [tt]file core[/tt] and you can see what dumped it. Thanks.
 
No, in a ufs file system, the file information is kept in a structure called an inode. There's nothing in the inode to record what process created it.

It does record the userid and groupid of the process that created it, and you might be able to approximate what created it with history files, but that doesn't guarantee you've got the correct process.

The other way would be if you kept repeatedly running lsof and caught the process in the act.

Otherwise no.

Why are you trying to find out? That may trigger other ideas.
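
The "keep repeatedly running lsof" idea above, written out as an added example that is not part of the original posts: it polls a file with lsof's machine-readable [tt]-F[/tt] output and logs each process that has the file open for writing. The function names, the [tt]writers.log[/tt] default and the sample output are constructed for illustration; it assumes lsof is installed.

```shell
#!/bin/sh
# Constructed sample of `lsof -F pcLfa` output: one field per line, first
# character is the field id (p=PID c=command L=login f=descriptor a=access).
SAMPLE='p4321
cappd
Lsvc
f7
aw
p88
ctail
Lroot
f3
ar
p500
cvi
Lbob
f4
au'

# Reduce -F output to "pid<TAB>command<TAB>user<TAB>fd<TAB>access" lines,
# keeping only descriptors open for write (w) or read/write (u).
parse_writers() {
    awk -v OFS='\t' '
        /^p/ { pid = substr($0, 2); cmd = "?"; user = "?" }  # new process
        /^c/ { cmd = substr($0, 2) }
        /^L/ { user = substr($0, 2) }
        /^f/ { fd = substr($0, 2) }                          # new descriptor
        /^a/ { acc = substr($0, 2)
               if (acc == "w" || acc == "u") print pid, cmd, user, fd, acc }'
}

# Poll TARGET every INTERVAL seconds; log each distinct writer once.
watch_writers() {
    target=$1; interval=${2:-1}; log=${3:-writers.log}
    seen=$(mktemp) || return 1
    trap 'rm -f "$seen"; exit 0' INT TERM
    while :; do
        lsof -F pcLfa -- "$target" 2>/dev/null | parse_writers |
        while IFS= read -r hit; do
            grep -qxF -- "$hit" "$seen" && continue    # already logged
            printf '%s\n' "$hit" >> "$seen"
            printf '%s\t%s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$hit" >> "$log"
        done
        sleep "$interval"
    done
}

# With a path argument, watch it; with none, run the parser on the sample.
if [ "$#" -ge 1 ]; then watch_writers "$@"; else printf '%s\n' "$SAMPLE" | parse_writers; fi
```

Polling only sees a writer that has the file open at the moment lsof runs, so a process that opens, writes and closes between polls is missed; a shorter interval narrows that window but does not close it.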
 
There's a file that gets written to so often... trying to find the process or script that does this.
 
Is there anything in cron that writes to the file (if you mean 'every so often')?
 
Nothing in cron. I'm thinking it's from an application, just trying to find which app.
 
What is the owner userid of the file?

If the create or last modification date of the file is always the same time each day, look at that userid's crontab. It's probably a cron job.

If you think it's someone that's logged on and running something, type "[tt]last[/tt]" and see who might have been logged on at that time.

If the file always has the same name, or at least a predictable name, create a file with that name and change the permissions on it to "000" ([tt]chmod 000 filename[/tt]). Then wait to see if something fails. This is kind of a shot in the dark since you may not see a failure message.

You could look for which file (program or script) had the filename in it. Say the file is called "[tt]mystery.file[/tt]", try something like this...
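Code:
# List the files that contain the name (-l prints the matching file's path, not the matching line)
find / -type f -exec fgrep -l mystery.file {} \; 2>/dev/null
# or maybe: print every path, then its strings, and keep the paths plus any matching strings
find / -type f -print -exec strings {} \; 2>/dev/null | egrep '^/|mystery\.file' > hunt.log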
This hasn't been tested, so I'm sure it's not quite correct, but you get the idea.

Can you tell us the name of the file? And the directory it's in? Maybe it's a known file.
 