How does one find who or what (service) deleted a particular file or folder in Solaris?

0

Is there any tool or logs which could give information about it? Also, if there is no way to find out the above then... can I do something which informs me when someone or some service tried to delete the folder?

user43152

Posted 2010-07-17T14:29:01.330

Reputation: 3

Answers

0

This small DTrace script will easily log every file deletion in the system:

dtrace -qn 'syscall::unlink*:entry { printf("%d, %s, %s\n", uid, execname, copyinstr(arg0));}
syscall::fsat:entry  /arg0 == 5 / { printf("%d, %s, %s\n", uid, execname, copyinstr(arg2));}'

jlliagre

Posted 2010-07-17T14:29:01.330

Reputation: 12 469
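
An added example, not part of the answer above: a Python filter for the `uid, execname, path` lines that the DTrace script prints, keeping only deletions under one watched directory. The function names, the watched path and the sample lines are constructed for illustration; relative paths are kept and flagged, because the script does not record the working directory of the deleting process.

```python
import posixpath
from typing import Iterable, List, NamedTuple, Optional

class Deletion(NamedTuple):
    uid: int
    execname: str
    path: str
    certain: bool  # False when the path was relative and may resolve elsewhere

def parse_line(line: str) -> Optional[Deletion]:
    """Parse one 'uid, execname, path' line; return None for anything else."""
    # Split on the first two separators only: the path may itself contain ", ".
    parts = line.rstrip("\n").split(", ", 2)
    if len(parts) != 3 or not parts[0].strip().isdigit():
        return None  # blank line, tool message or truncated record
    uid, execname, path = parts
    return Deletion(int(uid), execname, path, path.startswith("/"))

def is_under(path: str, watched: str) -> bool:
    """True if an absolute path is the watched directory or lies inside it."""
    # normpath collapses '..' and '//' lexically; symlinks are not resolved.
    path, watched = posixpath.normpath(path), posixpath.normpath(watched)
    return path == watched or path.startswith(watched.rstrip("/") + "/")

def deletions_under(lines: Iterable[str], watched: str) -> List[Deletion]:
    """Deletions inside `watched`, plus relative ones that cannot be ruled out."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is not None and (not rec.certain or is_under(rec.path, watched)):
            hits.append(rec)
    return hits

# Constructed sample output in the format printed by the DTrace script.
SAMPLE = """\
0, rm, /export/data/reports/q2.csv
100, cleanup.sh, /tmp/work/../../export/data/old.log
100, python, /export/database/x
101, rm, notes.txt
-- constructed noise line, not a record --
0, logadm, /var/log/a, b.0
""".splitlines()

if __name__ == "__main__":
    for d in deletions_under(SAMPLE, "/export/data"):
        flag = "" if d.certain else "  (relative path, check the process cwd)"
        print(f"uid={d.uid} exec={d.execname} path={d.path}{flag}")
```
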

0

AFAIK there is no "out of the box" solution, but you could use an event-driven file watcher for file system events (on the directory it's in) - then look up the offending program(s) that match the handle.

If you need such an application then it may be worth asking on StackOverflow, as you cannot be the only one with such a need.

Metalshark

Posted 2010-07-17T14:29:01.330

Reputation: 286

1 StackOverflow is only appropriate if you intend to write such an application yourself – Nifle – 2010-07-17T14:47:55.957