Using inotify to keep track of all files in a system
Question:
Can inotify be used to reliably record files in a [linux] system?
Details:
I am attempting to use inotifywait to track users' movements (currently using bash, but it has been suggested that I migrate to a scripting language). Ultimately I want to add new files to a database upon creation (create, moved_from), update existing rows in a database upon file modification (modify, attrib, move_to), and finally remove a row upon file deletion (delete). I am, however, running into many problems as even an action as seemingly simple as save generates many inotifywait messages. Observe the following commands and their output (note, the use of /home/user/ is purely for example purposes):
Examples:
Example 1: Listen for file creation:
$ inotifywait -mr /home/user/ -e create --format %w:%f:%e:%T --timefmt %T
Touch:
$ touch test.txt
/home/user/:test.txt:CREATE:21:35:30
Open a new file with vim then issue :w command:
$ vim test2.txt
/home/user/:test2.txt:CREATE:21:35:30
Open an existing file with vim then issue :w command:
$ vim test2.txt
/home/user/:4913:CREATE:21:35:30
/home/user/:test2.txt:CREATE:21:35:30
Open a new file with gedit then click save:
$ gedit test3.txt
/home/user/:test3.txt~:CREATE:21:35:30
Open an existing file with gedit then click save:
$ gedit test3.txt
/home/user/:.goutputstream-HN3ZDW:CREATE:21:35:30
/home/user/:test3.txt~:CREATE:21:35:30
Note that not only are two new files displayed as having been created (4913 and .goutputstream-HN3ZDW), but also that the only file being created is test3.txt~ and not test3.txt, even though the file test3.txt is created when checked with the ls command. For completeness, here is the above example, but with a few more options.
Example 1: Listen for file creation, modification, deletion, and movement:
$ inotifywait -mr /home/user/ -e create -e modify -e delete -e moved_to -e moved_from --format %w:%f:%e:%T --timefmt %T
Touch:
$ touch test.txt
/home/user/:test.txt:CREATE:21:35:30
Open a new file with vim then issue :w command:
$ vim test2.txt
/home/user/:test2.txt:CREATE:22:12:32
Open an existing file with vim then issue :w command:
$ vim test2.txt
/home/user/:4913:CREATE:22:04:35
/home/user/:4913:DELETE:22:04:35
/home/user/:test2.txt:MOVED_FROM:22:04:35
/home/user/:test2.txt~:MOVED_TO:22:04:35
/home/user/:test2.txt:CREATE:22:04:35
/home/user/:test2.txt~:DELETE:22:04:35
Open a new file with gedit then click save:
$ gedit test3.txt
/home/user/:test3.txt~:CREATE:21:35:30
Open an existing file with gedit then click save:
$ gedit test3.txt
/home/user/:.goutputstream-0WQ2DW:CREATE:22:06:34
/home/user/:test3.txt~:CREATE:22:06:34
/home/user/:.goutputstream-0WQ2DW:MOVED_FROM:22:06:34
/home/user/:test3.txt:MOVED_TO:22:06:34
Basically my question is "is it possible to use inotify to update a file in a database"? For example, if a user edits a file and saves it, I want it to be reflected in the database as an update to that file, and not a brand new file replacing a completely different file. Any help would be greatly appreciated, even if it's a suggestion pointing me in a different direction.
Solution:
inotify tells you what happens like it happens.
Gedit, like most editors, saves by first writing a temporary file then moving that file into place. This avoids overwriting the file with a half-written version in case the editor or the whole system crashes while the file is being written. Vim takes a different approach (this can be configured, I won't go into details here — see e.g. "why inode value changes when we edit in "vi" editor?"): it first creates a temporary backup file, then writes the new file.
If you want these to be recorded as a single editing event, you'll have to perform some pattern recognition on the event log. A create-write-move sequence that replaces an existing file and a create-move-create-delete sequence like vim's would be the archetypal patterns. Note that the pattern might be interleaved with other events.
I have a suspicion that there's a better way to do what you want to do, but I don't understand what you're trying to do. If you're trying to log user actions, you have already found a way, but there are simpler ways: loggedfs or the audit subsystem. If you want to keep a backup of all file versions, either hook up the editor to a version control system (this lets users control what gets backed up) or use a versioning filesystem such as copyfs. You can even store the files in the database directly, by using a filesystem like mysqlfs or postgresqlfs (admittedly neither project looks maintained).
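An added example (not part of the original answer): one way to do the coalescing the answer describes, run over the vim and gedit traces from the question. Instead of matching each editor's exact sequence it reduces every burst of events to its net effect per path, which also tolerates interleaved events; the function names, the one-second quiet window and the `known` set standing in for the database are assumptions.

```python
PRESENT = {"CREATE", "MODIFY", "ATTRIB", "MOVED_TO"}  # name exists after the event
ABSENT = {"DELETE", "MOVED_FROM"}                     # name is gone after the event

def parse(line):
    """Split one '%w:%f:%e:%T' line (--timefmt %T) into (path, events, seconds)."""
    head, events, hh, mm, ss = line.strip().rsplit(":", 4)
    watch_dir, _, name = head.rpartition("/:")  # %w ends in '/', names never contain '/'
    return f"{watch_dir}/{name}", set(events.split(",")), int(hh) * 3600 + int(mm) * 60 + int(ss)

def bursts(lines, quiet=1):  # group events at most `quiet` seconds apart (assumed window)
    group, last = [], None
    for path, events, secs in map(parse, lines):
        if group and secs - last > quiet:
            yield group
            group = []
        group.append((path, events))
        last = secs
    if group:
        yield group

def apply_events(lines, known):
    """Return [(op, path), ...] for the database and update the `known` path set."""
    ops = []
    for group in bursts(lines):
        final = {}  # path -> does the name exist once the burst is over?
        for path, events in group:
            if events & (PRESENT | ABSENT):
                final[path] = bool(events & PRESENT)
        for path, exists in final.items():
            if exists:
                ops.append(("update" if path in known else "insert", path))
                known.add(path)
            elif path in known:  # unknown and gone again: a temp name, ignored
                ops.append(("delete", path))
                known.discard(path)
    return ops

# Sample input: the vim and gedit "save existing file" traces quoted in the question.
TRACE = """/home/user/:4913:CREATE:22:04:35
/home/user/:4913:DELETE:22:04:35
/home/user/:test2.txt:MOVED_FROM:22:04:35
/home/user/:test2.txt~:MOVED_TO:22:04:35
/home/user/:test2.txt:CREATE:22:04:35
/home/user/:test2.txt~:DELETE:22:04:35
/home/user/:.goutputstream-0WQ2DW:CREATE:22:06:34
/home/user/:test3.txt~:CREATE:22:06:34
/home/user/:.goutputstream-0WQ2DW:MOVED_FROM:22:06:34
/home/user/:test3.txt:MOVED_TO:22:06:34
""".splitlines()
```

With both files already in `known`, the ten events reduce to an update of test2.txt, an insert of test3.txt~ and an update of test3.txt. The gedit backup is reported because it really does remain on disk; filter such names before the database if they are unwanted.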