HPE Community
Operating System - HP-UX
1823214 Members
3630 Online
109648 Solutions
New Discussion юеВ

Re: Command to find out who read the files

 
SOLVED
Go to solution
Shivkumar
Super Advisor

тАО12-26-2005 08:05 AM

тАО12-26-2005 08:05 AM

Command to find out who read the files

Dear Sirs,

Wanted to know the command or way to find out which user read the files ?

Thanks,
Shiv
0 Kudos
Reply
6 REPLIES 6
James R. Ferguson
Acclaimed Contributor

тАО12-26-2005 08:45 AM

тАО12-26-2005 08:45 AM

Solution

Re: Command to find out who read the files

Hi Shiv:

Short of examining a user's history file (assuming that it hasn't been automatically trimmed or deliberately erased), I believe that you are limited to creating your own logging to track *individual* file access.

The accounting modules are process-oriented and will track overall disk usage, but not individual file access as far as I know. Knowing *who* executed a particular command or funtion can certainly point to a read of a particular file or directory, but I don't think that this is sufficiently direct or definitive for what you are asking.

Permissions, groups and access-control lists are designed to prevent unauthorized access for non-root users. Aside from that, many files must be world-readable.

For shell scripts, non-root users must be able to *read* the file before the shell interpreter can *execute* the commands, so quite a few files must be left readable from that perspective too.

Regards!

...JRF...
Reply
Joseph Loo
Honored Contributor

тАО12-26-2005 10:50 AM

тАО12-26-2005 10:50 AM

Re: Command to find out who read the files

hi shiv,

james is right about .sh_history but this file may be amended by user who wants to remove any tracking.

another way is to turn on auditing with the events u want to audit but the system have to be trusted.

regards.
what you do not see does not mean you should not believe
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

тАО12-26-2005 01:07 PM

тАО12-26-2005 01:07 PM

Re: Command to find out who read the files

There is no way to do this with standard UNIX utilities and the shell history file is far from complete because this assumes that the shell is used to read a file but another application might be in play and you wouldn't have a clue. Probably the best approach is to configure "Tripwire".
http://sourceforge.net/projects/tripwire/
If it ain't broke, I can fix that.
0 Kudos
Reply
Arunvijai_4
Honored Contributor

тАО12-26-2005 02:54 PM

тАО12-26-2005 02:54 PM

Re: Command to find out who read the files

Hi Shiv, You can't do it with standard UNIX. Looking into .sh_history only shows the command used, not the files read.

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
Reply
Yogeeraj_1
Honored Contributor

тАО12-26-2005 02:55 PM

тАО12-26-2005 02:55 PM

Re: Command to find out who read the files

hi shiv,

please find attached a link where you find details on how to implement tripwire

http://sourceforge.net/docman/display_doc.php?docid=2078&group_id=3130

hope this helps too!

kind regards
yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
0 Kudos
Reply
Arturo Galbiati
Esteemed Contributor

тАО12-26-2005 07:44 PM

тАО12-26-2005 07:44 PM

Re: Command to find out who read the files

to see who is using a file:
fuser -u file
HTH,
Art
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.