> Let's say I want to know who (what process) accesses my .plan file. Or I
> want to know every time some process accesses my /etc/passwd. Every time
> a file, any file on my system, is accessed, I want to be notified. In
> what way can I accomplish this under linux?
[...]
> The only way I see thus far is writing a kernel module which will fit in
> the VFS (Virtual File System) layer. The module will wrap all file
> access function calls with my own logging functions. Can anyone
> recommend a better, preferably user space solution?
I doubt you can do it in user space. But it sounds like what you actually
want it to wrap the open() system call.
> (If you're wondering what practical use this little project might have-
> I'm not really sure. But it seems like a fun excersise...)
Security vendors and hackers have been doing this for years. I'm sure
you can find sample code on the web.
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
