Ask Ubuntu Asked by Tashkhisi on December 31, 2021
I want to know which user has tried to access specific file and consequently got permission denied error. Is there any way to do that in Ubuntu?
I believe you can configure rules to do what you're asking with auditd(auditctl).
I can't help with it beyond this, because my only experience with it was shutting it off when it was killing my machine due to the excessive logging. But they seem to have solved this problem (at least back then): https://unix.stackexchange.com/questions/220250/using-auditd-to-capture-permission-denied-notices
Answered by WU-TANG on December 31, 2021
No. A simple failure to open a file is a process-related issue, not a system issue. The process trying to open the file is the only one that knows the open failed.
Since "permission denied" is a valid return status, and happens often, it's not logged.
Answered by waltinator on December 31, 2021
Get help from others!
Recent Answers
Recent Questions
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP