Operating System - HP-UX
1823229 Members
3564 Online
109648 Solutions
New Discussion юеВ

Re: Command to find out who read the files

 
SOLVED
Go to solution
Shivkumar
Super Advisor

Command to find out who read the files

Dear Sirs,

Wanted to know the command or way to find out which user read the files ?

Thanks,
Shiv
6 REPLIES 6
James R. Ferguson
Acclaimed Contributor
Solution

Re: Command to find out who read the files

Hi Shiv:

Short of examining a user's history file (assuming that it hasn't been automatically trimmed or deliberately erased), I believe that you are limited to creating your own logging to track *individual* file access.

The accounting modules are process-oriented and will track overall disk usage, but not individual file access as far as I know. Knowing *who* executed a particular command or funtion can certainly point to a read of a particular file or directory, but I don't think that this is sufficiently direct or definitive for what you are asking.

Permissions, groups and access-control lists are designed to prevent unauthorized access for non-root users. Aside from that, many files must be world-readable.

For shell scripts, non-root users must be able to *read* the file before the shell interpreter can *execute* the commands, so quite a few files must be left readable from that perspective too.

Regards!

...JRF...
Joseph Loo
Honored Contributor

Re: Command to find out who read the files

hi shiv,

james is right about .sh_history but this file may be amended by user who wants to remove any tracking.

another way is to turn on auditing with the events u want to audit but the system have to be trusted.

regards.
what you do not see does not mean you should not believe
A. Clay Stephenson
Acclaimed Contributor

Re: Command to find out who read the files

There is no way to do this with standard UNIX utilities and the shell history file is far from complete because this assumes that the shell is used to read a file but another application might be in play and you wouldn't have a clue. Probably the best approach is to configure "Tripwire".
http://sourceforge.net/projects/tripwire/
If it ain't broke, I can fix that.
Arunvijai_4
Honored Contributor

Re: Command to find out who read the files

Hi Shiv, You can't do it with standard UNIX. Looking into .sh_history only shows the command used, not the files read.

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
Yogeeraj_1
Honored Contributor

Re: Command to find out who read the files

hi shiv,

please find attached a link where you find details on how to implement tripwire

http://sourceforge.net/docman/display_doc.php?docid=2078&group_id=3130

hope this helps too!

kind regards
yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
Arturo Galbiati
Esteemed Contributor

Re: Command to find out who read the files

to see who is using a file:
fuser -u file
HTH,
Art