I installed inotify and incrond to watch a directory and set the job as '/mnt/dir IN_ATTRIB chmod 0660 $@/$#' which worked very well except that as expected, IN_ATTRIB is too broad of a watch class as it caused an enormous amount of contention with the filemonitor and/or db server and the client side app was less than happy. Not to mention top showed it working away like mad...

Is there any way to look for permission changes only, or something else that might work?

Thanks!
jlc

On Fri, May 01, 2009, Joseph L. Casale wrote:
>I installed inotify and incrond to watch a directory and set the
>job as '/mnt/dir IN_ATTRIB chmod 0660 $@/$#' which worked very well
>except that as expected, IN_ATTRIB is too broad of a watch class as it
>caused an enormous amount of contention with the filemonitor and/or
>db server and the client side app was less than happy. Not to mention
>top showed it working away like mad...
>
>Is there any way to look for permission changes only, or something else
>that might work?

Are you looking for real-time changes, or would an intrusion detection system such as aide or tripwire be sufficient?

Bill
--
INTERNET: bill at celestial.com
Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/
PO Box 820; 6641 E. Mercer Way, Mercer Island, WA 98040-0820
Voice: (206) 236-1676  Fax: (206) 232-9186
Skype: jwccsllc (206) 855-5792

Only government can take perfectly good paper, cover it with perfectly good ink and make the combination worthless. -- Milton Friedman

Joseph L. Casale wrote:
> I installed inotify and incrond to watch a directory and set the
> job as '/mnt/dir IN_ATTRIB chmod 0660 $@/$#' which worked very well
> except that as expected, IN_ATTRIB is too broad of a watch class as it
> caused an enormous amount of contention with the filemonitor and/or
> db server and the client side app was less than happy. Not to mention
> top showed it working away like mad...
>
> Is there any way to look for permission changes only, or something else
> that might work?
>

I used the example 2 in the inotifywait manpage as the starting point for my script. Using the close_write, create & move events worked well for me.

Looked at incrond - seemed overkill/overcomplicated - chose not to use it.

But if it's fighting with something else in the background trying to do the same thing - it's going to be a circular battle.

-- tkb
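
An added example, not part of any message in this thread: a sketch of the inotifywait approach described in the last reply, watching close_write, create and move events instead of IN_ATTRIB and changing the mode only when it differs. The function names, the use of `moved_to` for "move", the symlink check and GNU `stat -c` are assumptions of this example; the mode 0660 comes from the original post.

```shell
#!/bin/bash
# Added example: enforce mode 0660 on files as they appear,
# without subscribing to attribute-change (attrib) events.
WANT_MODE=660   # mode from the original incrontab line

# Set the mode only when it differs, so an already-correct file costs one
# stat and produces no attribute-change event for any other watcher.
# Prints "fixed" or "ok"; returns 1 if the path is not a regular file.
fix_mode() {
    local path=$1 cur
    # Skip symlinks and non-regular files: chmod follows symlinks, and a
    # link dropped into the watched directory could point anywhere.
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        return 1
    fi
    cur=$(stat -c '%a' -- "$path") || return 1
    if [ "$cur" = "$WANT_MODE" ]; then
        echo ok
    else
        chmod -- "$WANT_MODE" "$path" && echo fixed
    fi
}

# Watch for new or rewritten files only. attrib is deliberately absent from
# the event list, so the chmod above cannot re-trigger this loop.
watch_dir() {
    local dir=$1
    inotifywait -m -q -e close_write -e create -e moved_to \
        --format '%w%f' "$dir" |
    while IFS= read -r path; do
        fix_mode "$path" >/dev/null || true
    done
}

# Start watching only when a directory is given, e.g. ./fixmode.sh /mnt/dir
if [ "$#" -gt 0 ]; then
    watch_dir "$1"
fi
```

If another process keeps resetting the mode on the same files, this watcher will not see those resets, which avoids the "circular battle" at the cost of not correcting them until the file is next written or moved in.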