3

I want to know which process changed files in some directory.

I had a look at inotify-tools, but it doesn't show the pid. I also look at fileschanged utility, but in my case it doesn't show anything at all, even that change happened.

Is there solution?

Bruno Pereira
  • 72,895
  • 33
  • 199
  • 223
damluar
  • 167
  • 8

1 Answers1

5

Take a look at fatrace written by Martin Pitt.

It will monitor all system-wide reads/writes/opens/closes alongside the PIDs and the names of their processes.

  1. Get it:

    bzr branch lp:fatrace

  2. Build it:

    cd fatrace
make

  3. Run it:

    sudo ./fatrace -t | grep "/path/to/your/file"
htorque
  • 63,950
  • 40
  • 194
  • 219
  • great tool, thanks! it would be better if I could make inotify tell process id, but if it's not possible, then I will use fatrace – damluar Feb 18 '12 at 09:45
  • What if you want to run it as a daemon? I tried `sudo fatrace/fatrace -t | grep "/home/eric/test.txt" >> ./monitor.txt &` but nothing gets inserted into monitor.txt – etang Jan 07 '16 at 21:59