This program is an “inotify cron” system. It consists of a daemon and a table manipulator. You can use it a similar way as the regular cron. The difference is that the inotify cron handles filesystem events rather than time periods. Incron is similar to cron, but instead of running commands based on time, it can trigger commands when file or directory events occur (e.g. a file modification, changes of permissions, etc.).
Installing incron
Type the following command under RHEL / Fedora / CentOS Linux:
$ yum install incron
Type the following command under Debian / Ubuntu Linux:
$ sudo apt-get install incron
Turn incrond Service On
Type the following command:
$ service incrond start
$ chkconfig incrond on
Configuration Files
/etc/incron.conf – Main incron configuration file
/etc/incron.d/ – This directory is examined by incrond for system table files. You should put all your config file here as per directory or domain names.
/etc/incron.allow – This file contains users allowed to use incron.
/etc/incron.deny – This file contains users denied to use incron.
/var/spool/incron – This directory is examined by incrond for user table files which is set by users running the incrontab command.
Using Incron
Incron usage is very much like cron usage. You have the incrontab command that let’s you list (-l), edit (-e), and remove (-r) incrontab entries. To learn more about it, see
$ man incrontab
There you also find the following section:
If /etc/incron.allow exists only users listed here may use incron. Otherwise if /etc/incron.deny exists only users NOT listed here may use incron. If none of these files exists everyone is allowed to use incron. (Important note: This behavior is insecure and will be probably changed to be compatible with the style used by ISC Cron.) Location of these files can be changed in the configuration.
This means if we want to use incrontab as root, we must either delete /etc/incron.allow (which is unsafe because then every system user can use incrontab).
$ rm -f /etc/incron.allow
or add root to that file (recommended):
$ vi /etc/incron.allow
Before you do this, you will get error messages like this one when trying to use incrontab:
$ incrontab -l
user ‘root’ is not allowed to use incron
Afterwards it works:
$ incrontab -l
no table for root
We can use
$ incrontab -e
to create incron jobs. Before we do this, we take a look at
$ man 5 incrontab
because it explains the format of the crontabs. Basically the format is as follows
where
IN_ACCESS File was accessed (read) (*)
IN_ATTRIB Metadata changed (permissions, timestamps, extended attributes, etc.) (*)
IN_CLOSE_WRITE File opened for writing was closed (*)
IN_CLOSE_NOWRITE File not opened for writing was closed (*)
IN_CREATE File/directory created in watched directory (*)
IN_DELETE File/directory deleted from watched directory (*)
IN_DELETE_SELF Watched file/directory was itself deleted
IN_MODIFY File was modified (*)
IN_MOVE_SELF Watched file/directory was itself moved
IN_MOVED_FROM File moved out of watched directory (*)
IN_MOVED_TO File moved into watched directory (*)
IN_OPEN File was opened (*)
When monitoring a directory, the events marked with an asterisk (*) above can occur for files in the directory, in which case the name field in the
returned event data identifies the name of the file within the directory.
The IN_ALL_EVENTS symbol is defined as a bit mask of all of the above events. Two additional convenience symbols are IN_MOVE, which is a combination of IN_MOVED_FROM and IN_MOVED_TO, and IN_CLOSE which combines IN_CLOSE_WRITE and IN_CLOSE_NOWRITE.
The following further symbols can be specified in the mask:
IN_DONT_FOLLOW Don’t dereference pathname if it is a symbolic link
IN_ONESHOT Monitor pathname for only one event
IN_ONLYDIR Only watch pathname if it is a directory
Additionaly, there is a symbol which doesn’t appear in the inotify symbol set. It is IN_NO_LOOP. This symbol disables monitoring events until the current one is completely handled (until its child process exits).
$$ dollar sign
$@ watched filesystem path (see above)
$# event-related file name
$% event flags (textually)
$& event flags (numerically)
If you watch a directory, then $@ holds the directory path and $# the file that triggered the event. If you watch a file, then $@ holds the complete path to the file and $# is empty.
If you need the wildcards but are not sure what they translate to, you can create an incron job like this:
/tmp/ IN_MODIFY echo “$$ $@ $# $% $&”
Examples:
Type the following command to edit your incrontab
$ incrontab -e
Run logger command when file created or deleted from /tmp directory:
/tmp IN_ALL_EVENTS logger “/tmp action for $# file”
Save and close the file. Now cd to /tmp and create a file:
$ cd /tmp
$ touch jonboy60
$ rm jonboy60
To see message, enter:
$ tail -f /var/log/messages
or
$ tail /var/log/syslog
Sample outputs:
Aug 05 14:28:08 jonboy60-desktop logger: “/tmp action for jonboy60 file”
~
jonboy60
I’m a Malaysian, my name is Jon Loh (jonboy60) living in Kuala Lumpur and working in Petaling Jaya, Malaysia. Jonboy60.com is a blog magazine about Linux and other open source softwares. All about to a daily jobs or real life experiences I had since the year 2002 administrating Linux and Windows server in a hosting company. Basically i will be offering Linux tips, howto, tricks, latest news and tutorial. Contact Me for Career opportunities, business offers, Linux solutions for business or home, web and email server solutions, Linux consulting and expertise requests. Email to me on jonboy60{@}gmail.com. The site I’m running is VenCouture.com – Malaysia Online Fashion Shopping Boutique, VenCouture. We sell fashion clothes, sexy lingeries, baby clothing and etc.
Follow Me:
