GitHub - ANGulchenko/whatmade: Whatmade is a Linux daemon that monitors user-specified directories and records which process created each file.
github.com
Whatmade is a Linux daemon that monitors user-specified directories and records which process created each file. - ANGulchenko/whatmade

Story behind the daemon: a few weeks ago I noticed that I don’t have space in my /home. Investigation led to deleting ~20GiB of ancient garbage from the dot-dirs there. In too many cases I wasn’t been able to detect who created those files and if I need them. I didn’t like this situation, so I present you with a solution.

Be careful, though: the code isn’t tested. It is more like working “proof-of-concept” than a real release. Code is ugly as hell too. Pre-release beta of the alpha version.

But it works on my machine and can be initialized through the CLI, without recompiling or manual DB-editing. So it is usable. So use it.

  • oshu@lemmy.worldEnglish
    3·
    4 个月前

    Is there an advantage to using this over the standard linux process accouting tools (psacct or acct package in most distros)?

  • DonutsRMeh@lemmy.worldEnglish
    3·
    4 个月前

    Definitely using this. I always find folders (not sure if it works on folders, too, or only files) that I have no idea where they come from. So, I worry that if I delete them I’d mess up something. Hope this helps me. Thank you.

  • SayCyberOnceMore@feddit.ukEnglish
    5·
    4 个月前

    Hmm, interesting…

    As you’re here (easier than raising a ticket on github 😉)…

    At present, the daemon doesn’t strictly detect file creation events. Instead, it logs processes that access files

    2 things come to mind…

    1. Just curiosity - why not the creation time?
    2. If I set noatime in my fstab, does that nullify this?
  • illusionist@lemmy.zipEnglish
    3·
    4 个月前

    I would need to install it now to use it in the future. But I don’t have the problem now, hence I don’t install it. When I need it, it won’t be installed. I install it after I need it and then I don’t need it for another year or so and then I uninstall it again because I don’t use and need it.

    Out of curiosity, would it make sense to tag each (home dir) file with the creation/modification process (id)?

    If yes, why is it not tagged by default? Could this be implemented upstream? It sounds extremely useful. Is it not?

      • illusionist@lemmy.zipEnglish
        3·
        4 个月前

        i won’t have it installed when I need it because I only install stuff when I need it. As soon as I need it, it is too late. Hence it should be installed by default for all users - unless there is a shortcoming. Why is this not the default?

        • MysteriousSophon21@lemmy.worldEnglish
          2·
          4 个月前

          Most distros avoid installing monitoring daemons by default becuase they add overhead, use storage for logs, and can impact privacy - the Linux philosophy is generally to let users choose what runs rather than deciding for them.