To find the user who has created the file


 
# 1  
Old 09-16-2015

Hi

On our AIX 7.1 server we have a file named /content/development/system.tar owned by root.
Many people on our Unix team have sudo access and are able to sudo to the root user.
We want to know which particular user actually created this file.
Is it possible to find that? Please let me know.

Code:
[pmut3:root:/home/root:] ls -ld /content/development/system.tar
-rw-r--r--    1 root     system   22412608000 Sep 19 2014 /content/development/system.tar

# 2  
Old 09-16-2015
I doubt... Unless you configured all the system for each person who can sudo to have complete activity logs...
You could try using the last command to find who was connected at the time, then search in their history, but then in .sh_history you have no dates or time stamps to help you...
To start, I suggest you look at how your sudo is configured; maybe you are lucky...
# 3  
Old 09-16-2015
Another way is to have audit on the AIX box.
# 4  
Old 09-17-2015
Another way would be to use RBAC - because then you get additional privileges, but you do not change your userid.
# 5  
Old 09-17-2015
If you give someone root access, you also give them the ability to cover their tracks...
# 6  
Old 09-18-2015
As agent.kgb mentioned, you can also use audit - even redirecting to syslog. audit reports both the euid (effective uid) and the ruid (real uid, or login id).

For a simple way to feed audit into syslog look at a blog of mine here: IBM Systems Magazine - Combining audit and syslog (that was hard to find - they archived it!) or a related article I wrote on the same topic at: ROOTVG - AIX, LinuxOnPower & POWER Systems Portal - Stream AIX AUDIT into SYSLOG

Is this helping? As we certainly hope so!
# 7  
Old 09-18-2015
You can check the sulog file and compare timestamps, if the file in question has not been modified since.
If john used the sudo command and the file was created around that time, you could have something.

This is, of course, if one didn't use sudo to sudo himself out of sulog :)
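
The timestamp comparison suggested in post #7, as an added example that is not part of the thread: it filters sulog entries for successful switches to root shortly before a file's modification time. The line layout (`SU MM/DD HH:MM +|- tty from-to`), the sample entries and the 10:05 file time are assumptions constructed for illustration; the `ls` output in post #1 shows only the date.

```shell
#!/bin/sh
# Added example: correlate su-to-root entries with a file's modification time.
# Assumed sulog line layout: SU MM/DD HH:MM {+|-} tty from-to  ('+' = success).
# Entries carry no year, so the log must cover the period in question.

# Constructed sample data, not taken from any real system.
sample_sulog() {
cat <<'EOF'
SU 09/18 16:40 + pts/2 alice-root
SU 09/19 09:12 + pts/0 john-root
SU 09/19 09:50 - pts/3 mallory-root
SU 09/19 10:02 + pts/1 carol-oracle
SU 09/19 13:47 + pts/4 dave-root
EOF
}

# su_candidates DATE TIME WINDOW_MIN   (reads sulog lines on stdin)
# Prints "user HH:MM" for every successful su to root on DATE that took
# place at most WINDOW_MIN minutes before TIME (the file's mtime).
su_candidates() {
    awk -v d="$1" -v t="$2" -v w="$3" '
        function mins(hhmm,   p) { split(hhmm, p, ":"); return p[1] * 60 + p[2] }
        $1 == "SU" && $2 == d && $4 == "+" && $6 ~ /-root$/ {
            # Strip the trailing "-root"; keeps user names that contain "-".
            user = substr($6, 1, length($6) - 5)
            delta = mins(t) - mins($3)
            if (delta >= 0 && delta <= w) print user, $3
        }'
}

# Assumed mtime of 10:05 on 09/19, looking back 60 minutes.
sample_sulog | su_candidates 09/19 10:05 60
```

This only narrows the list of candidates: the modification time is not a creation time, and anyone with root can edit the log, as posts #5 and #7 point out.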