Re: monitoring user processes


I saw someone on had hacked on this, but I'm going to
reply anyway...

Steven Day <scd104 ecs soton ac uk> writes:

> re your suggestion: If I use inotify on the /usr/bin directories, is
> this not similar to the way top monitors the /proc filesystem to
> provide it's information? Also, how would I be able to determine who
> (user-wise) executed the binary with that method?

Well, it's a hack - I thought you were simply going to use it for
experiments. In the real world, a better solution would probably be to
hook into the code that is used to launch applications (e.g. in the
panel, or whatever you are thinking about) so that you don't get
random applications showing up, e.g. from the terminal.

> One of my big problems is that I only want to record applications
> that were explicitly invoked by the user, not system processes etc.
> I don't think it would be much use having an 'intelligent'
> suggestion recommending the d-bus message daemon for instance. On
> this note, is there a better way to tell a user invoked process from
> a system one or daemon than the uid or effective uid? Can i use
> information about when it was started etc?

An interesting user process will have probably have a .desktop file
somewhere. I'd try that for starters.

Ole Laursen

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]