Find the answer to your Linux question:
Results 1 to 6 of 6
Hi! Thing that i want is " I have a directory called /usr/share, so want that whenever there are changes made in this directory or fille it call some program/script" ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jan 2004
    Posts
    33

    linux triger


    Hi!
    Thing that i want is " I have a directory called /usr/share, so want that whenever there are changes made in this directory or fille it call some program/script"

    it is just like trigger in pgsql

  2. #2
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    The only way to do that AFAIK, is to write a program that uses the F_NOTIFY call to fcntl. The kernel itself cannot be configured to call a program when a directory is changed. Other ways to do it include hacking the kernel and writing a wrapper library to libc, so I'd say the way I first mentioned is probably the easiest.

    May I ask what you want this for?

  3. #3
    Just Joined!
    Join Date
    Jan 2004
    Posts
    33
    just for keeping log.
    that when,who,added /deleted the files from the folder /var/www/html/

  4. $spacer_open
    $spacer_close
  5. #4
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    I honestly don't think that there is a really good solution for that. There are some forces that are moving towards implement POSIX security auditing in Linux, but in the meantime, it's quite hard.

    The easiest way might actually be to modify the kernel. For a 2.6.0 kernel, you could, for example, do this:

    Look up sys_unlink in fs/namei.c and add the lines that are preceded by pluses:
    Code:
    asmlinkage long sys_unlink(const char __user * pathname)
    {
    	int error = 0;
    	char * name;
    	struct dentry *dentry;
    	struct nameidata nd;
    	struct inode *inode = NULL;
    
    	name = getname(pathname);
    	if(IS_ERR(name))
    		return PTR_ERR(name);
    
    	error = path_lookup(name, LOOKUP_PARENT, &nd);
    	if (error)
    		goto exit;
    	error = -EISDIR;
    	if (nd.last_type != LAST_NORM)
    		goto exit1;
    	down(&nd.dentry->d_inode->i_sem);
    	dentry = lookup_hash(&nd.last, nd.dentry);
    	error = PTR_ERR(dentry);
    +	if(!strncmp(pathname, "/var/www/html", 13))
    +		printk(KERN_INFO, "UID %i unlinked %s\n", current->uid, pathname);
    	if (!IS_ERR(dentry)) {
    		/* Why not before? Because we want correct error value */
    		if (nd.last.name[nd.last.len])
    			goto slashes;
    		inode = dentry->d_inode;
    		if (inode)
    			atomic_inc(&inode->i_count);
    		error = vfs_unlink(nd.dentry->d_inode, dentry);
    	exit2:
    		dput(dentry);
    	}
    	up(&nd.dentry->d_inode->i_sem);
    exit1:
    	path_release(&nd);
    exit:
    	putname(name);
    
    	if (inode)
    		iput(inode);	/* truncate the inode here */
    	return error;
    
    slashes:
    	error = !dentry->d_inode ? -ENOENT :
    		S_ISDIR(dentry->d_inode->i_mode) ? -EISDIR : -ENOTDIR;
    	goto exit2;
    }
    Then, in the same file, find the function open_namei, and add these lines:
    Code:
    	/* Negative dentry, just create the file */
    	if (!dentry->d_inode) {
    		if (!IS_POSIXACL(dir->d_inode))
    			mode &= ~current->fs->umask;
    		error = vfs_create(dir->d_inode, dentry, mode, nd);
    		up(&dir->d_inode->i_sem);
    		dput(nd->dentry);
    		nd->dentry = dentry;
    		if (error)
    			goto exit;
    		/* Don't check for write permission, don't truncate */
    +		if(!strncmp(pathname, "/var/www/html", 13))
    +			printk(KERN_INFO, "UID %i created %s", current->uid, pathname);
    		acc_mode = 0;
    		flag &= ~O_TRUNC;
    		goto ok;
    	}
    Then just recompile the kernel, reboot, and it should work.

  6. #5
    Just Joined!
    Join Date
    Jan 2004
    Posts
    33
    Code:
       if(!strncmp(pathname, "/var/www/html", 13))
           printk(KERN_INFO, "UID %i created %s", current->uid, pathname);
    ^^ this code means that if the path is NOT this then print the message? right
    should it not be this
    Code:
       if(strncmp(pathname, "/var/www/html", 13))
           printk(KERN_INFO, "UID %i created %s", current->uid, pathname);
    ^^ this means if the path is this then print.

    ok i got this, now where all these messages are being printed/stored.?

    should i only run make
    or what else command sequence for compiling kernel

    thanx for your help

  7. #6
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    No, all the strcmp calls return zero when the strings match. When the strings don't match, they return the numerical difference between the first two characters that weren't the same. That is so that it's easy to use for sorting strings as well as comparing them for equality.

    The messages will be caught by the syslog. Where they are stored is up to the /etc/syslog.conf file. They are logged using the "kernel" facility.

    It's the normal make sequence for kernel compilation: "make dep" (only for kernels before 2.6), "make bzImage", "make modules", "make modules_install", and then copy the new arch/i386/boot/bzImage file to your boot directory and update whatever boot loader you're using.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •