
-u, --user to show username of file event in output

Open porg opened this issue 2 years ago • 5 comments

Feature Request

  • When stating the -u, --user argument there's an additional column which shows from which user the file event originated

Related

  • With --timestamp and --user one would already have quite many columns
  • fatrace offers a meaningful default column order.
  • In addition you could use: #15

porg avatar Jul 16 '22 15:07 porg

fanotify() does not support this directly, but we could read the source pid's current euid.

martinpitt avatar Jul 17 '22 13:07 martinpitt
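The lookup described in the comment above, as an added example (not fatrace's code and not the code from pull request #27): read the effective UID of an event's PID from the `Uid:` line of /proc/<pid>/status. The function names are hypothetical. Because the lookup runs after the event, a process that has exited yields no result, and one that has changed UID since the event yields its current user.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Parse the "Uid:" line of /proc/<pid>/status text. Its fields are
 * real, effective, saved and filesystem UID. Returns 0 on success. */
int parse_status_euid(const char *text, uid_t *euid)
{
    const char *p = text;
    while (p && *p) {
        if (strncmp(p, "Uid:", 4) == 0) {
            unsigned int ruid, e;
            if (sscanf(p + 4, "%u %u", &ruid, &e) != 2)
                return -1;
            *euid = (uid_t)e;
            return 0;
        }
        p = strchr(p, '\n');   /* advance to the start of the next line */
        if (p)
            p++;
    }
    return -1;
}

/* Current euid of pid; -1 if the process is gone or not readable. */
int euid_of_pid(pid_t pid, uid_t *euid)
{
    char path[64], buf[4096];
    snprintf(path, sizeof path, "/proc/%ld/status", (long)pid);
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;             /* process exited before we could look */
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_status_euid(buf, euid);
}

/* User name for uid, or the numeric id when no passwd entry exists. */
const char *user_label(uid_t uid, char *out, size_t len)
{
    struct passwd *pw = getpwuid(uid);
    if (pw)
        snprintf(out, len, "%s", pw->pw_name);
    else
        snprintf(out, len, "%u", (unsigned int)uid);
    return out;
}
```

For a setuid program the real and effective UIDs differ, which is why the second field of the `Uid:` line is the one read here.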

I'm not Linux savvy enough to know what's the correct way to determine this (fanotify et al), but anything which gives me a clue about the user from which the activity comes would be appreciated. 😉

porg avatar Jul 17 '22 20:07 porg

Any plans for implementation?

porg avatar Nov 15 '22 20:11 porg

Alright, I tried to implement this in pull request #27. Does that meet your requirements, @porg?

gabrielkulp avatar Mar 20 '23 23:03 gabrielkulp

Hi @gabrielkulp, thanks for contributing!

  1. I cannot test this myself as I do not know how to pull your commit and build fatrace (for other feature tests, @martinpitt was so kind and built the binaries for me).
  2. But I can give you feedback on the basis of your textual description for pull request #27:
  • For implementation of this very issue I want it to be consistent with the existing argument names and my other proposal #15 which @martinpitt liked as a good generic column formatting solution. Regarding user name/id I had foreseen this:
    • u means username
    • U is the numerical user id
  • I have not foreseen the g group-name or G group-ID, but in light of your news I added it to #15
    • I myself do not know how group-name/id can help in investigations in addition to the user-name/id, but I assume it certainly can help. So good to offer it.
  • It is in the spirit of #15 that any extra --output-argument outputs its "maximum or default representation" and can be further tweaked by --columns. So please make sure that your code has 4 separate variables $io-group-name, $io-group-id, $io-user-name, $io-user-id and the corresponding single-letter-code to be used for --columns plus its "composite representation" as a variable like $io-user-and-group which is used for the default output.
    • And the default to be intuitive should rather be $io-user-name:$io-group-name which is the default representation and order as Unix ls -l outputs file ownership.

porg avatar Mar 21 '23 10:03 porg