This program is an “inotify cron” system. It consists of a daemon and a table manipulator. You can use it a similar way as the regular cron. The difference is that the inotify cron handles filesystem events rather than time periods. Incron is similar to cron, but instead of running commands based on time, it can trigger commands when file or directory events occur (e.g. a file modification, changes of permissions, etc.).
Type the following command under RHEL / Fedora / CentOS Linux:
$ yum install incron
Type the following command under Debian / Ubuntu Linux:
$ sudo apt-get install incron
Turn incrond Service On
Type the following command:
$ service incrond start
$ chkconfig incrond on
/etc/incron.conf – Main incron configuration file
/etc/incron.d/ – This directory is examined by incrond for system table files. You should put all your config file here as per directory or domain names.
/etc/incron.allow – This file contains users allowed to use incron.
/etc/incron.deny – This file contains users denied to use incron.
/var/spool/incron – This directory is examined by incrond for user table files which is set by users running the incrontab command.
Incron usage is very much like cron usage. You have the incrontab command that let’s you list (-l), edit (-e), and remove (-r) incrontab entries. To learn more about it, see
$ man incrontab
There you also find the following section:
If /etc/incron.allow exists only users listed here may use incron. Otherwise if /etc/incron.deny exists only users NOT listed here may use incron. If none of these files exists everyone is allowed to use incron. (Important note: This behavior is insecure and will be probably changed to be compatible with the style used by ISC Cron.) Location of these files can be changed in the configuration.
This means if we want to use incrontab as root, we must either delete /etc/incron.allow (which is unsafe because then every system user can use incrontab).
$ rm -f /etc/incron.allow
or add root to that file (recommended):
$ vi /etc/incron.allow
Before you do this, you will get error messages like this one when trying to use incrontab:
$ incrontab -l
user ‘root’ is not allowed to use incron
Afterwards it works:
$ incrontab -l
no table for root
We can use
$ incrontab -e
to create incron jobs. Before we do this, we take a look at
$ man 5 incrontab
because it explains the format of the crontabs. Basically the format is as follows
IN_ACCESS File was accessed (read) (*)
IN_ATTRIB Metadata changed (permissions, timestamps, extended attributes, etc.) (*)
IN_CLOSE_WRITE File opened for writing was closed (*)
IN_CLOSE_NOWRITE File not opened for writing was closed (*)
IN_CREATE File/directory created in watched directory (*)
IN_DELETE File/directory deleted from watched directory (*)
IN_DELETE_SELF Watched file/directory was itself deleted
IN_MODIFY File was modified (*)
IN_MOVE_SELF Watched file/directory was itself moved
IN_MOVED_FROM File moved out of watched directory (*)
IN_MOVED_TO File moved into watched directory (*)
IN_OPEN File was opened (*)
When monitoring a directory, the events marked with an asterisk (*) above can occur for files in the directory, in which case the name field in the
returned event data identifies the name of the file within the directory.
The IN_ALL_EVENTS symbol is defined as a bit mask of all of the above events. Two additional convenience symbols are IN_MOVE, which is a combination of IN_MOVED_FROM and IN_MOVED_TO, and IN_CLOSE which combines IN_CLOSE_WRITE and IN_CLOSE_NOWRITE.
The following further symbols can be specified in the mask:
IN_DONT_FOLLOW Don’t dereference pathname if it is a symbolic link
IN_ONESHOT Monitor pathname for only one event
IN_ONLYDIR Only watch pathname if it is a directory
Additionaly, there is a symbol which doesn’t appear in the inotify symbol set. It is IN_NO_LOOP. This symbol disables monitoring events until the current one is completely handled (until its child process exits).
$$ dollar sign
$@ watched filesystem path (see above)
$# event-related file name
$% event flags (textually)
$& event flags (numerically)
If you watch a directory, then $@ holds the directory path and $# the file that triggered the event. If you watch a file, then $@ holds the complete path to the file and $# is empty.
If you need the wildcards but are not sure what they translate to, you can create an incron job like this:
/tmp/ IN_MODIFY echo “$$ $@ $# $% $&”
Type the following command to edit your incrontab
$ incrontab -e
Run logger command when file created or deleted from /tmp directory:
/tmp IN_ALL_EVENTS logger “/tmp action for $# file”
Save and close the file. Now cd to /tmp and create a file:
$ cd /tmp
$ touch jonboy60
$ rm jonboy60
To see message, enter:
$ tail -f /var/log/messages
$ tail /var/log/syslog
Aug 05 14:28:08 jonboy60-desktop logger: “/tmp action for jonboy60 file”