Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to find out who changed the file permission in unix
Top Forums UNIX for Dummies Questions & Answers How to find out who changed the file permission in unix Post 302593420 by jim mcnamara on Thursday 26th of January 2012 10:01:27 PM
Old 01-26-2012
There is NO smoking gun in UNIX without auditing. Period. Frank gave you a way to guess. Guess means just that - take a stab based on circumstantial evidence.
Step 1:
Code:
ls -lc file_in_question

This gives you the exact time of the incident, unless you have already set permissions back to what they are supposed to be.

Assuming this time is really correct try to correlate that with who was logged in at that time. If you are very lucky only one person was logged in. Otherwise you get to guess who did it. How to do this?


Try:
Code:
last | more

This lists who has logged in and when they logged out. Since the the system was rebooted, in the order of newest to oldest. You can see the timestamp on the file, you can see who was connected to the system at that time. That is the best you can do. Right now. Enable auditing. Then you are covered from now on.
Last edited by jim mcnamara; 01-26-2012 at 11:10 PM..
This User Gave Thanks to jim mcnamara For This Post:
Uttamnsd
 

10 More Discussions You Might Find Interesting

1. Linux

How to changed Permission on Tape

I am unable to backup file on my tape drive # mt -f /dev/st0 status SCSI 2 tape drive: File number=0, block number=0, partition=0. Tape block size 0 bytes. Density code 0x25 (DDS-3). Soft error count since last status=0 General status bits on (45010000): BOT WR_PROT ONLINE IM_REP_EN #... (6 Replies)
Discussion started by: real-chess
6 Replies

2. Shell Programming and Scripting

Find File with permission below 664

Hi Using find i want to find files with permission below 664. (6 Replies)
Discussion started by: aliahsan81
6 Replies

3. Solaris

/usr/bin has been changed with 777 permission

Hello Guruz, Relay bad condition :mad: Some has changed the permission to 777 recursively for /usr/bin directory by mistake. Now all the permission looks to be 777 on /usr/bin Hence I am so many system related errors as 1 show below. When I am trying to change the password, I am getting... (5 Replies)
Discussion started by: bullz26
5 Replies

4. UNIX for Advanced & Expert Users

UNIX file Permission

I am trying to FTP files from windows to UNIX (IBM AIX). After having sent the files to unix server. Permisssion of the files becomes 640 (rw-r-----). I have to manually login to unix and do chmod 644 on the folder to give it permission. Is it possible that the files automaically be set to 644 on... (2 Replies)
Discussion started by: puspendu.das.in
2 Replies

5. OS X (Apple)

I accidentally changed to only write permission on /usr/bin... please Help!

I accidentally changed to sudo chmod a=w to my /usr/bin folder on my macbook with OS 10.5.8... Please help! I can't even get into a terminal correctly cause it displays: -bash: uname: command not found -bash: cut: command not found -bash: uname: command not found -bash: cut: command not found... (6 Replies)
Discussion started by: scaryMac23
6 Replies

6. UNIX for Dummies Questions & Answers

Simple question on unix file permission

As I understand the file permissions in UNIX is basically Owner, group, others Lets assume scott user who's primary group is dev creates a file called test.dat and then grants some privileges on that file... scott@unix-host> echo "this is a test" > test.dat scott@unix-host> chmod 640... (4 Replies)
Discussion started by: luft
4 Replies

7. HP-UX

owner Permission changed automatically

HI all, We had created new user using the command useradd -d /home/selva -s /usr/local/bin/bash selva. But it didnt created the home directory on /home. So i manually created, copied skel files manually and changed the owner from root to selva. At the same time i observed that so many files... (6 Replies)
Discussion started by: selvaforum
6 Replies

8. AIX

Syslogs permission not getting changed - aix 6.1

Friends, I've tried to modify the syslogs permission by using the perm option in the syslog configuration in AIX 6.1 TL 05. But its not getting applied after the configuration. Have restarted the syslog service also. Need your help!:wall: The below are the conf details and os versions >... (1 Reply)
Discussion started by: novaothers
1 Replies

9. Shell Programming and Scripting

Script to echo "File permissions or ownership changed from required " when accidentally changed.

Hi All, I have to work in the late nights some times for server maintenance and in a hurry to complete I am accidentally changing ownership or permission of directories :( which have similar names ( /var in root and var of some other directory ).:confused: Can some one suggest me with the... (1 Reply)
Discussion started by: shiek.kaleem
1 Replies

10. Linux

Mount point permission was changed

Hello everybody, I have many mount points on my virtual Redhat server, two of them lost their (write) permission, so they became read-only filesystems. I fixed this problem. But I want to know why it happened? What is the reason behind that to avoid it again? Where can I find related logs?... (2 Replies)
Discussion started by: Mohannad
2 Replies

LEARN ABOUT REDHAT

rusers

RUSERS(1)						    BSD General Commands Manual 						 RUSERS(1)

NAME

     rusers -- who is logged in to machines on local network

SYNOPSIS

     rusers [-al] [host ...]

DESCRIPTION

     The rusers command produces output similar to who, but for the list of hosts or all machines on the local network. For each host responding
     to the rusers query, the hostname with the names of the users currently logged on is printed on each line. The rusers command will wait for
     one minute to catch late responders.

     The following options are available:

     -a      Print all machines responding even if no one is currently logged in.

     -l      Print a long format listing. This includes the user name, host name, tty that the user is logged in to, the date and time the user
	     logged in, the amount of time since the user typed on the keyboard, and the remote host they logged in from (if applicable).

DIAGNOSTICS

     rusers: RPC: Program not registered
	     The rpc.rusersd(8) daemon has not been started on the remote host.

     rusers: RPC: Timed out
	     A communication error occurred.  Either the network is excessively congested, or the rpc.rusersd(8) daemon has terminated on the
	     remote host.

     rusers: RPC: Port mapper failure - RPC: Timed out
	     The remote host is not running the portmapper (see portmap(8) ), and cannot accomodate any RPC-based services.  The host may be down.

SEE ALSO

     rwho(1) users(1), who(1), portmap(8), rpc.rusersd(8)

HISTORY

     The rusers command appeared in SunOS.

BUGS

     The sorting options are not implemented.

Linux NetKit (0.17)						  August 15, 1999					       Linux NetKit (0.17)
All times are GMT -4. The time now is 09:45 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy