next up previous contents
Next: 9.2.5 Gzipfs Up: 9.2 In-Core File Systems Previous: 9.2.3 Statefs

   
9.2.4 Snoopfs

A file system that will tell you who accessed what files or directories, and when. The file system will record, via direct console messages or syslog [SMCC90], the uid and gid of a process accessing files in this file system, the names of the files or directories, and the time of access. After recording this information, Snoopfs will forward the vnode request to the interposed file system, thus hiding the fact that this file system is being monitored.

Unix file permissions provide a mechanism to protect one's files from prying eyes, but there are many ways for remote users, especially ones with local root access on their workstations, to become a different user (using the su program) and then try and access someone else's files. Besides, even if the user was unsuccessful at poking about someone else's files (maybe a student looking for a leftover copy of a final exam in their instructor's account), the fact that such access was attempted may be an interesting fact on its own.



Erez Zadok
1999-12-07