Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: how to know who has deleted the file.
Top Forums UNIX for Dummies Questions & Answers how to know who has deleted the file. Post 302268811 by melias on Tuesday 16th of December 2008 10:49:05 AM
Old 12-16-2008
You'll need some kind of system accounting package, depending on the O/S you're using.
There's no default logging of super user commands, as super user is supposed to be the most trusted person to have system access. There's also security issues with logging all super user commands.

You could use a shell with history functionality (most have same form of command history), but these can be easily overcome by a malicious user. The only sure way is to install a system/process audit package and these are available for most distro's.
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

retrieving a deleted file

hi!, is there any way to retrieve a file that I have deleted few minutes back?? I am using Solaris- 5.6.. :rolleyes: (2 Replies)
Discussion started by: jyotipg
2 Replies

2. Linux

how can i restore a deleted file

I am a relatively new linux user.would like to know how to undo a deleted file (2 Replies)
Discussion started by: wojtyla
2 Replies

3. Solaris

File deleted bymistake

Bymistake I deleted a file and there is no backup.Is there anyway to get that file. (1 Reply)
Discussion started by: csreenivas
1 Replies

4. Solaris

/etc/passwd file been deleted

Hi Folks , Would be grateful if someone could help me out in one of the question that came to my mind . If the /etc/passwd file has been deleted and the system has been rebooted . Then i dont think that any user would be able to login and the system will be useless . Whats the best solution for... (5 Replies)
Discussion started by: gera_sachin125
5 Replies

5. Shell Programming and Scripting

Lock a file from being deleted?

Hi In my script, users have the option to delete files from a directory, however, I don't want them to be able to delete the automatically generated log file. Is there anyway to lock a file from being deleted? Note: The file can't be read only as it has to be written to quite frequently. ... (3 Replies)
Discussion started by: Darren Taylor
3 Replies

6. Shell Programming and Scripting

restore deleted file

I accidently deleted the files from linux machine. How to restore back the files. (1 Reply)
Discussion started by: sandy1028
1 Replies

7. Solaris

Retrieve deleted file

hi there, Is there any way to retrive the deleted files from solaris, we are using solaris 10 and the file seems delete when it is opened. I search over by Google but no good result... tnx :-) (4 Replies)
Discussion started by: dagigg
4 Replies

8. UNIX for Dummies Questions & Answers

deleted a swap file

I attempted to delete a swap file (rm .<filename>.swp). Now the system is trying to delete one file that doesn't exist anymore and the file is adding a number in increments to the name of the file it is attempting to delete (filename1.csv, filename2.csv) The log says the filename1.csv does... (0 Replies)
Discussion started by: student21
0 Replies

9. UNIX for Dummies Questions & Answers

How to recover deleted file?

Hi All By mistake i have deleted some file in a directory, is there any way to get it back in Unix( i am using sh ) (2 Replies)
Discussion started by: parthmittal2007
2 Replies

10. UNIX for Dummies Questions & Answers

Restoring deleted file with rm -rf

Is there a way I could recover a deleted text file with "rm -rf" command. Running CentOS 6.5. Thank you. (5 Replies)
Discussion started by: galford
5 Replies

LEARN ABOUT BSD

lastcomm

LASTCOMM(1)						      General Commands Manual						       LASTCOMM(1)

NAME

       lastcomm - show last commands executed in reverse order

SYNOPSIS

       lastcomm [ -f file ] [ command name ] ... [user name] ... [terminal name] ...

DESCRIPTION

       Lastcomm gives information on previously executed commands.

       Option:

       -f file	 Read from file rather than the default accounting file.

       With  no  arguments,  lastcomm prints information about all the commands recorded during the current accounting file's lifetime.  If called
       with arguments, only accounting entries with a matching command name, user name, or terminal name are printed.  So, for example,

	    lastcomm a.out root ttyd0

       would produce a listing of all the executions of commands named a.out by user root on the terminal ttyd0.

       For each process entry, the following are printed.

	    The name of the user who ran the process.
	    Flags, as accumulated by the accounting facilities in the system.
	    The command name under which the process was called.
	    The amount of cpu time used by the process (in seconds).
	    The time the process exited.

       The flags are encoded as follows: ``S'' indicates the command was executed by the super-user, ``F'' indicates the command ran after a fork,
       but without a following exec, ``C'' indicates the command was run in PDP-11 compatibility mode (VAX only), ``D'' indicates the command ter-
       minated with the generation of a core file, and ``X'' indicates the command was terminated with a signal.

FILES

       /usr/adm/acct	   Default accounting file.

SEE ALSO

       last(1), sigvec(2), acct(8), core(5)

4th Berkeley Distribution					 February 3, 1995						       LASTCOMM(1)
All times are GMT -4. The time now is 06:55 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy