HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
cancel
Showing results for 
Search instead for 
Did you mean: 

How to audit chmod?

 
SOLVED
Go to solution
Olga_1
Regular Advisor

How to audit chmod?

We have a situation where something/somebody changes group on an oracle file. How to audit who/what does it? chmod does not change the timestamp of the file, so we cannot even know when it is done.
Any information would be great.
3 REPLIES
James R. Ferguson
Acclaimed Contributor
Solution

Re: How to audit chmod?

Hi Olga:

You might look in the shell '.sh_history' file to see if you find any indication of interactive 'chmod' use.

You might also examine any script run as crontasks.

Changing the permissions or ownership or name of a file or directory will be reflected in the 'ctime' (change time) of the entity. That is, an:

# ls -lc

...will show the 'ctime'.

Be advised that this can be misleading, since many backup utilities will reset a file's last access timestamp ('atime' seen by 'ls -ul'). This change also toggles a change in the 'ctime'.

If the entity in question is a directory, any additions or deletions to the directory will change the directory's 'ctime'.

Regards!

...JRF...

Re: How to audit chmod?

If you want to catch it in the future, you can turn on auditing.

Note: some sysadmin or DBA changed the permission.
Olga_1
Regular Advisor

Re: How to audit chmod?

We found that command crsctl that is part of the package shutdown changes the group of the executable.