How to check who change folder ownership

[redhat]

machan la solaris wala how to check who change or what change the ownership of folder?

 

[RandomGuy]

Ask everyone?

 

[redhat]

using logs

 

[Kalegana]

බම්ප් තමයි මචන්..

 

[imhotep]

Read about the auditd daemon.

 

[dbug]

There is NO smoking gun in UNIX without auditing. Period.
Step 1:

Code:
ls -lc file_in_question

This gives you the exact time of the incident, unless you have already set permissions back to what they are supposed to be.

Assuming this time is really correct try to correlate that with who was logged in at that time. If you are very lucky only one person was logged in. Otherwise you get to guess who did it. How to do this?


Try:

Code:
last | more

This lists who has logged in and when they logged out. Since the the system was rebooted, in the order of newest to oldest. You can see the timestamp on the file, you can see who was connected to the system at that time. That is the best you can do. Right now. Enable auditing. Then you are covered from now on.

 

[kinkon]

බම්ප්

 

[beam_tech]

history nadda debian wala wage

 

[redhat]

There is NO smoking gun in UNIX without auditing. Period.
Step 1:

Code:
ls -lc file_in_question

This gives you the exact time of the incident, unless you have already set permissions back to what they are supposed to be.

Assuming this time is really correct try to correlate that with who was logged in at that time. If you are very lucky only one person was logged in. Otherwise you get to guess who did it. How to do this?


Try:

Code:
last | more

This lists who has logged in and when they logged out. Since the the system was rebooted, in the order of newest to oldest. You can see the timestamp on the file, you can see who was connected to the system at that time. That is the best you can do. Right now. Enable auditing. Then you are covered from now on.

s -lc file_in_question meken enne ls -lrt eke result ekamai ban
eken baha