Directories modified time is updated when files are created or removed. Lots of stuff create files in /tmp then remove them a few seconds later.
-----Original Message----- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] Behalf Of Romanowski, John (OFT) Sent: Friday, August 11, 2006 9:28 AM To: [email protected] Subject: Re: How to find what's been writing to a partition? Anyone know why the /tmp directory's time-stamp changes so frequently and is only a few minutes old? /tmp is another file system on the server. drwxrwxrwt 32 root root 4096 Aug 11 12:16 tmp -------------------------------------------------------- This e-mail, including any attachments, may be confidential, privileged or otherwise legally protected. It is intended only for the addressee. If you received this e-mail in error or from someone who was not authorized to send it to you, do not disseminate, copy or otherwise use this e-mail or its attachments. Please notify the sender immediately by reply e-mail and delete the e-mail from your system. -----Original Message----- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Fargusson.Alan Sent: Friday, August 11, 2006 12:18 PM To: [email protected] Subject: Re: How to find what's been writing to a partition? Your find command looks good. You are right that this will not find files that have been deleted. -----Original Message----- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] Behalf Of Romanowski, John (OFT) Sent: Friday, August 11, 2006 8:56 AM To: [email protected] Subject: How to find what's been writing to a partition? I'm trying to find the disk files that account for the bulk of the write activity to the root partition over the last few days. For example to look for those files in the / partition I'm using: find / -xdev -mtime -6 (intent being to look within the root partition only (-xdev) for files that have changed anytime within the last 6 days) But, this wouldn't find files that were created and deleted during that time and maybe that's the bulk of the write activity. Is my "find" command ok? Any other strategies to find what's writing to the partition? I'm puzzled by find's sparse results, especially since /tmp is another filesystem mounted at /tmp and I'm not expecting it to be "found": find / -xdev -mtime -6 /dev/tty /dev/ttyS0 /etc /etc/cups/certs /etc/cups/certs/0 /etc/security /etc/security/opasswd /etc/security/opasswd.old /etc/shadow /etc/shadow.old /tmp ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
