1

I am working on a little project in C on Linux and I ran into a problem. I must make a program that simulates the activity of a WatchDog. So I wrote almost all the code, but I don't know how to do the most important part. While my app is running in the background, it must detect when certain files are accessed. I have stored in some structures the inode, the path and the name of those files. So, having this info about the files, how can I detect when a process (any process, not a certain one) tries to access one of the files? Edit: Actually, I must detect the following events: when a file has been opened and when someone tries to modify the file. Like, if a user writes something to a file and then tries to save the changes, I must allow him or not to do that.

alan.nick
  • Why not just remove write permissions from the file? – Ignacio Vazquez-Abrams Feb 12 '15 at 16:55
  • Never done that but I believe you should do a system call to get all the processes then get the list of handles for each process then get the file name for these handles. – Tarik Feb 12 '15 at 16:58
  • You need to prevent the write or you need to detect it passively? – Barmar Feb 12 '15 at 16:58
  • You can use `inotify` to be notified about changes to files. But I don't think you can get notifications about files being opened or read. – Barmar Feb 12 '15 at 16:59
  • Actually, it looks like you can. There's an `IN_OPEN` event. See http://man7.org/linux/man-pages/man7/inotify.7.html for the documentation of `inotify` – Barmar Feb 12 '15 at 17:00
  • @Tarik thanks. I found some ways to do that while googling for my problem, but I thought there is some other way to do what I want. – alan.nick Feb 12 '15 at 17:02
  • @Barmar sometimes I'll want to prevent it, sometimes I'll allow it. So, I need to detect it passively. I'll check that event. Thanks! – alan.nick Feb 12 '15 at 17:03
  • @IgnacioVazquez-Abrams because in some cases I want to allow the user to make changes to the file. – alan.nick Feb 12 '15 at 17:04
  • I googled out and found that inotify can do the job. @Barmar also mentions it in his comment. – Tarik Feb 12 '15 at 17:05
  • `inotify` just lets you detect things passively, you can't intercede. To do that you would have to be able to control the process. – Barmar Feb 12 '15 at 17:05

1 Answer

0

You are looking for a file system watcher. For that you can use Inotify: http://en.m.wikipedia.org/wiki/Inotify

Tarik
  • From what I read, it should do it. I'll try it and I'll keep you up to date. Thank you! [can't upvote the answer because I just signed up and I don't have the required reputation] – alan.nick Feb 12 '15 at 17:09
  • Unfortunately the asker needs functionality that inotify cannot provide. – Ignacio Vazquez-Abrams Feb 12 '15 at 17:13
  • "if a user writes something to a file and then tries to save the changes, I must allow him or not to do that." That would require you to intercept system calls that open files and write to them. Inotify does not do that indeed. – Tarik Feb 12 '15 at 17:18
  • By the way, if a user writes to a file, then there is no such thing as saving his changes. It's already done. – Tarik Feb 12 '15 at 17:22
  • My answer is not that good. See http://stackoverflow.com/questions/69859/how-could-i-intercept-linux-sys-calls on how to intercept system calls. – Tarik Feb 12 '15 at 17:27
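
As an added example (not code from the question or the answer), here is a small C watcher for the inotify events discussed above: it registers each path for `IN_OPEN`, `IN_MODIFY` and `IN_CLOSE_WRITE` and maps events back to files by watch descriptor. The `struct watched` table and the function names are hypothetical; as the comments point out, inotify only reports an access after it has happened and cannot block it.

```c
#include <poll.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/inotify.h>
#include <unistd.h>
/* Hypothetical bookkeeping: one entry per watched file. */
struct watched { int wd; const char *path; uint32_t seen; };
/* Register every path for open/modify/close-after-write; returns the inotify fd or -1. */
int watch_files(struct watched *w, const char **paths, int n)
{
    int fd = inotify_init1(IN_NONBLOCK | IN_CLOEXEC);
    for (int i = 0; fd >= 0 && i < n; i++) {
        w[i].path = paths[i]; w[i].seen = 0;
        w[i].wd = inotify_add_watch(fd, paths[i], IN_OPEN | IN_MODIFY | IN_CLOSE_WRITE);
        if (w[i].wd < 0) { close(fd); fd = -1; }
    }
    return fd;
}

/* Drain queued events, OR each mask into its entry; returns the number of matched events. */
int drain_events(int fd, struct watched *w, int n)
{
    char buf[4096] __attribute__((aligned(__alignof__(struct inotify_event))));
    int count = 0;
    ssize_t len;
    while ((len = read(fd, buf, sizeof buf)) > 0)   /* fails with EAGAIN once the queue is empty */
        for (char *p = buf; p < buf + len; ) {
            const struct inotify_event *ev = (const struct inotify_event *)p;
            for (int i = 0; i < n; i++)
                if (w[i].wd == ev->wd) { w[i].seen |= ev->mask; count++; }
            p += sizeof *ev + ev->len;              /* events are variable length */
        }
    return count;
}

int main(int argc, char **argv)
{
    struct watched w[16];
    int n = argc - 1 > 16 ? 16 : argc - 1;
    int fd = watch_files(w, (const char **)(argv + 1), n);
    if (fd < 0) { perror("inotify"); return 1; }
    struct pollfd pfd = { .fd = fd, .events = POLLIN };
    while (poll(&pfd, 1, -1) > 0 && drain_events(fd, w, n) >= 0)  /* sleep until events arrive */
        for (int i = 0; i < n; w[i++].seen = 0)
            if (w[i].seen)
                printf("%s:%s%s%s\n", w[i].path, w[i].seen & IN_OPEN ? " opened" : "",
                       w[i].seen & IN_MODIFY ? " modified" : "",
                       w[i].seen & IN_CLOSE_WRITE ? " closed-after-write" : "");
    return 0;
}
```

Run it with the paths to watch as arguments; events carry no information about which process touched the file.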