Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to find out who changed the file permission in unix
Top Forums UNIX for Dummies Questions & Answers How to find out who changed the file permission in unix Post 302593420 by jim mcnamara on Thursday 26th of January 2012 10:01:27 PM
Old 01-26-2012
There is NO smoking gun in UNIX without auditing. Period. Frank gave you a way to guess. Guess means just that - take a stab based on circumstantial evidence.
Step 1:
Code:
ls -lc file_in_question

This gives you the exact time of the incident, unless you have already set permissions back to what they are supposed to be.

Assuming this time is really correct try to correlate that with who was logged in at that time. If you are very lucky only one person was logged in. Otherwise you get to guess who did it. How to do this?


Try:
Code:
last | more

This lists who has logged in and when they logged out. Since the the system was rebooted, in the order of newest to oldest. You can see the timestamp on the file, you can see who was connected to the system at that time. That is the best you can do. Right now. Enable auditing. Then you are covered from now on.
Last edited by jim mcnamara; 01-26-2012 at 11:10 PM..
This User Gave Thanks to jim mcnamara For This Post:
Uttamnsd
 

10 More Discussions You Might Find Interesting

1. Linux

How to changed Permission on Tape

I am unable to backup file on my tape drive # mt -f /dev/st0 status SCSI 2 tape drive: File number=0, block number=0, partition=0. Tape block size 0 bytes. Density code 0x25 (DDS-3). Soft error count since last status=0 General status bits on (45010000): BOT WR_PROT ONLINE IM_REP_EN #... (6 Replies)
Discussion started by: real-chess
6 Replies

2. Shell Programming and Scripting

Find File with permission below 664

Hi Using find i want to find files with permission below 664. (6 Replies)
Discussion started by: aliahsan81
6 Replies

3. Solaris

/usr/bin has been changed with 777 permission

Hello Guruz, Relay bad condition :mad: Some has changed the permission to 777 recursively for /usr/bin directory by mistake. Now all the permission looks to be 777 on /usr/bin Hence I am so many system related errors as 1 show below. When I am trying to change the password, I am getting... (5 Replies)
Discussion started by: bullz26
5 Replies

4. UNIX for Advanced & Expert Users

UNIX file Permission

I am trying to FTP files from windows to UNIX (IBM AIX). After having sent the files to unix server. Permisssion of the files becomes 640 (rw-r-----). I have to manually login to unix and do chmod 644 on the folder to give it permission. Is it possible that the files automaically be set to 644 on... (2 Replies)
Discussion started by: puspendu.das.in
2 Replies

5. OS X (Apple)

I accidentally changed to only write permission on /usr/bin... please Help!

I accidentally changed to sudo chmod a=w to my /usr/bin folder on my macbook with OS 10.5.8... Please help! I can't even get into a terminal correctly cause it displays: -bash: uname: command not found -bash: cut: command not found -bash: uname: command not found -bash: cut: command not found... (6 Replies)
Discussion started by: scaryMac23
6 Replies

6. UNIX for Dummies Questions & Answers

Simple question on unix file permission

As I understand the file permissions in UNIX is basically Owner, group, others Lets assume scott user who's primary group is dev creates a file called test.dat and then grants some privileges on that file... scott@unix-host> echo "this is a test" > test.dat scott@unix-host> chmod 640... (4 Replies)
Discussion started by: luft
4 Replies

7. HP-UX

owner Permission changed automatically

HI all, We had created new user using the command useradd -d /home/selva -s /usr/local/bin/bash selva. But it didnt created the home directory on /home. So i manually created, copied skel files manually and changed the owner from root to selva. At the same time i observed that so many files... (6 Replies)
Discussion started by: selvaforum
6 Replies

8. AIX

Syslogs permission not getting changed - aix 6.1

Friends, I've tried to modify the syslogs permission by using the perm option in the syslog configuration in AIX 6.1 TL 05. But its not getting applied after the configuration. Have restarted the syslog service also. Need your help!:wall: The below are the conf details and os versions >... (1 Reply)
Discussion started by: novaothers
1 Replies

9. Shell Programming and Scripting

Script to echo "File permissions or ownership changed from required " when accidentally changed.

Hi All, I have to work in the late nights some times for server maintenance and in a hurry to complete I am accidentally changing ownership or permission of directories :( which have similar names ( /var in root and var of some other directory ).:confused: Can some one suggest me with the... (1 Reply)
Discussion started by: shiek.kaleem
1 Replies

10. Linux

Mount point permission was changed

Hello everybody, I have many mount points on my virtual Redhat server, two of them lost their (write) permission, so they became read-only filesystems. I fixed this problem. But I want to know why it happened? What is the reason behind that to avoid it again? Where can I find related logs?... (2 Replies)
Discussion started by: Mohannad
2 Replies

LEARN ABOUT BSD

chmod

CHMOD(1)						      General Commands Manual							  CHMOD(1)

NAME

       chmod - change mode

SYNOPSIS

       chmod [ -Rf ] mode file ...

DESCRIPTION

       The  mode  of  each  named  file is changed according to mode, which may be absolute or symbolic.  An absolute mode is an octal number con-
       structed from the OR of the following modes:

       4000	 set user ID on execution
       2000	 set group ID on execution
       1000	 sticky bit, see chmod(2)
       0400	 read by owner
       0200	 write by owner
       0100	 execute (search in directory) by owner
       0070	 read, write, execute (search) by group
       0007	 read, write, execute (search) by others

       A symbolic mode has the form:

	      [who] op permission [op permission] ...

       The who part is a combination of the letters u (for user's permissions), g (group) and o (other).  The letter a stands for all, or ugo.	If
       who is omitted, the default is a but the setting of the file creation mask (see umask(2)) is taken into account.

       Op  can	be + to add permission to the file's mode, - to take away permission and = to assign permission absolutely (all other bits will be
       reset).

       Permission is any combination of the letters r (read), w (write), x (execute), X (set execute only if file is a	directory  or  some  other
       execute bit is set), s (set owner or group id) and t (save text - sticky).  Letters u, g, or o indicate that permission is to be taken from
       the current mode.  Omitting permission is only useful with = to take away all permissions.

       When the -R option is given, chmod recursively descends its directory arguments setting the mode for each file as  described  above.   When
       symbolic links are encountered, their mode is not changed and they are not traversed.

       If the -f option is given, chmod will not complain if it fails to change the mode on a file.

EXAMPLES

       The first example denies write permission to others, the second makes a file executable by all if it is executable by anyone:

	      chmod o-w file
	      chmod +X file

       Multiple  symbolic  modes  separated by commas may be given.  Operations are performed in the order specified.  The letter s is only useful
       with u or g.

       Only the owner of a file (or the super-user) may change its mode.

SEE ALSO

       ls(1), chmod(2), stat(2), umask(2), chown(8)

7th Edition							   May 22, 1986 							  CHMOD(1)
All times are GMT -4. The time now is 02:50 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy