Find out who delete the file

0

Hi we are using the S3 on AWS. and there are several people who have access to that box, however, everyone has to log in as the same user/ubuntu.

I was doing some work, zipping a big file using nohup:

nohup gzip monitoring_result &

Then when I came back, the original file and the zipped file are all gone!!!!! That is a big issue to me and when I pull the history, clearly I did not do anything stupid to accidently delete those files. And I am wondering how could I find out who deleted it or what happened to that file?

I have sudo on that box.

B.Mr.W.

Posted 2013-10-16T17:10:55.067

Reputation: 117

Why don't you create seperate uses this way you can keep track of who does what? – Ramhound – 2013-10-16T17:12:56.830

I will do it. I am wondering is there still anyway that I can find out who did it? – B.Mr.W. – 2013-10-16T17:14:39.403

If multiple people were logged in as the same user any log file created, wouldn't tell you WHO did it. – Ramhound – 2013-10-16T17:16:58.677

Answers

1

If all people were logged in as the same user, then you have no chance to find out, who it was, because for the computer, everybody is the same because of the same user-account they used.

I would highly recommend you, to set different users for these people.

Maybe you have a chance to recover your file. You could use for example TestDisk. You should use this tool with a live-cd to recover your file.

Also foremost is a good command-line tool.

Download:

sudo apt-get install foremost

Direct Downloadlink

Christian

Posted 2013-10-16T17:10:55.067

Reputation: 6 571

Asked: 2013-10-16T17:10:55.067

Viewed: 68 times

Active: 2013-10-16T18:14:04.820