Story behind the daemon: a few weeks ago I noticed that I don’t have space in my /home. Investigation led to deleting ~20GiB of ancient garbage from the dot-dirs there. In too many cases I wasn’t able to detect who created those files and if I need them. I didn’t like this situation, so I present you with a solution.
Be careful, though: the code isn’t tested. It is more like a working “proof-of-concept” than a real release. Code is ugly as hell too. Pre-release beta of the alpha version.
But it works on my machine and can be initialized through the CLI, without recompiling or manual DB-editing. So it is usable. So use it.
Hmm, interesting…
As you’re here (easier than raising a ticket on github 😉)…
At present, the daemon doesn’t strictly detect file creation events. Instead, it logs processes that access files
2 things come to mind…
- Just curiosity - why not the creation time?
- If I set `noatime` in my fstab, does that nullify this?
I do analyze creation time to differentiate creating from just accessing the old file. Yes, tampering with time will mess a little but it won’t be critical for the daemon functionality.
Is there an advantage to using this over the standard linux process accounting tools (psacct or acct package in most distros)?
Whomade is made for one particular job and aimed more at users of workstations who just use the OS to run programs, not admins. Good luck setting up “psacct or acct” without killing a few kittens. But if you can set up psacct and have enough interest in doing so, then no, this daemon is useless to you.
Definitely using this. I always find folders (not sure if it works on folders, too, or only files) that I have no idea where they come from. So, I worry that if I delete them I’d mess up something. Hope this helps me. Thank you.
I would need to install it now to use it in the future. But I don’t have the problem now, hence I don’t install it. When I need it, it won’t be installed. I install it after I need it and then I don’t need it for another year or so and then I uninstall it again because I don’t use and need it.
Out of curiosity, would it make sense to tag each (home dir) file with the creation/modification process (id)?
If yes, why is it not tagged by default? Could this be implemented upstream? It sounds extremely useful. Is it not?
I don’t understand. Yes, this daemon “tag each (home dir) file with the creation/modification process”.
I won’t have it installed when I need it because I only install stuff when I need it. As soon as I need it, it is too late. Hence it should be installed by default for all users - unless there is a shortcoming. Why is this not the default?
Because it isn’t THAT important a tool. People lived for 80 years without this data and could live further without bothering. I bothered, though.
Most distros avoid installing monitoring daemons by default because they add overhead, use storage for logs, and can impact privacy - the Linux philosophy is generally to let users choose what runs rather than deciding for them.
Why did you pick fanotify over inotify?
inotify knows nothing about the process that accesses the file.
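What the answer above refers to, as an added example that is not part of the original thread and is not the daemon's own code: each fanotify event carries the PID of the process that touched the file, which `struct inotify_event` has no field for. The names `access_rec` and `collect_events` and the watched mount `/home` are assumptions made for this sketch, and the live loop in `main` needs CAP_SYS_ADMIN.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/fanotify.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical record type for this example: who touched a file, and how. */
struct access_rec { pid_t pid; unsigned long long mask; };

/* Walk a buffer filled by read() on a fanotify fd and copy out pid and mask.
 * struct inotify_event has no pid field, so the same walk over inotify
 * events could not attribute an access to a process. */
size_t collect_events(void *buf, ssize_t len, struct access_rec *out, size_t max)
{
    struct fanotify_event_metadata *ev = buf;
    size_t n = 0;
    while (n < max && FAN_EVENT_OK(ev, len)) {
        if (ev->vers != FANOTIFY_METADATA_VERSION)
            break;                      /* kernel/header mismatch: stop */
        out[n].pid = ev->pid;
        out[n].mask = ev->mask;
        n++;
        if (ev->fd >= 0)
            close(ev->fd);              /* each event carries an open fd */
        ev = FAN_EVENT_NEXT(ev, len);   /* also shrinks len */
    }
    return n;
}

int main(void)
{
    /* Needs CAP_SYS_ADMIN; "/home" is an assumed mount point to watch. */
    int fan = fanotify_init(FAN_CLASS_NOTIF, O_RDONLY);
    if (fan < 0) { perror("fanotify_init"); return 1; }
    if (fanotify_mark(fan, FAN_MARK_ADD | FAN_MARK_MOUNT,
                      FAN_OPEN | FAN_CLOSE_WRITE, AT_FDCWD, "/home") < 0) {
        perror("fanotify_mark"); return 1;
    }
    char buf[4096] __attribute__((aligned(8)));
    struct access_rec recs[256];        /* more than fit in one 4096-byte read */
    ssize_t len;
    while ((len = read(fan, buf, sizeof buf)) > 0) {
        size_t n = collect_events(buf, len, recs, sizeof recs / sizeof recs[0]);
        for (size_t i = 0; i < n; i++)
            printf("pid=%d mask=0x%llx\n", (int)recs[i].pid, recs[i].mask);
    }
    return 0;
}
```

Mapping the PID to a program name (for example by reading `/proc/<pid>/comm`) has to happen promptly, since a short-lived process may be gone by the time the event is read.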
How interesting. I would have assumed that was something inotify would give you.
Thanks for the response
The title of the post could just as well be the description of some occult rite :)
That’s for Linux, not BSD.