Monitor file and directory activity with incron

Dynamic incrontab

Something else you can do is use incron to tell users when they have new documents on a server waiting to be processed. For example, imagine you're the editor in chief of a famous Linux magazine, and you need to tell your editors when articles are available for editing, correcting, proofreading, and so on. Instead of copying the documents to the server, firing up your email client, and manually shooting off a message to the concerned party, you just want to copy the document and be done with it. You could hope that your staff will check their online folders regularly, but you can't afford to assume that will happen. That is why we script.

Instead of dumping all the documents willy-nilly into one directory, you want to be able to monitor each of the users' home directories on the server and then monitor the subdirectories that are created for each magazine and issue within those directories.

This sets another challenge: As mentioned before, incron does not implement recursivity, so you can't just monitor the top level and bore down when a folder for a new issue is created. If you monitor the users' top-level directories, incron won't see when a file is added to an issue subdirectory, so it seems you will have to create an incrontab line for each new subdirectory you create in a user's home folder, and that seems as bothersome as emailing each editor by hand – unless you write a script to do it for you.

The trick is to get your script to write directly into the users' incrontab files without having to use incrontab -e. The inrontab files live at /var/spool/incron/, and each user has their own with their name on it. Thus, user joe's incrontab will be /var/spool/incron/joe, user jane's file will be /var/spool/incron/jane, and so on. To accomplish this, you use a global, superuser incrontab with one line per editor to write in each file. The rules in root's incrontab will look something like this:

/home/joe IN_CREATE /usr/local/bin/ $@
/home/jane IN_CREATE /usr/local/bin/ $@
/home/jed IN_CREATE /usr/local/bin/ $@

Yes, you do have to create one rule per editor, but unless you're continually hiring and firing editorial staff, you won't have to change this file very often. Each line monitors the users' home directories and calls the script (Listing 2) whenever a subdirectory is created in any of the monitored directories.

Listing 2


The script takes as an argument the name of the user from the user's monitored home directory (culled from the $@ variable included in each of root's incrontab rules) and removes the existing incrontab file for that user from the /var/spool/incron/ directory. Then, it loops over all the subdirectories in the user's home directory and creates a new file with rules for each subdirectory, indicating that the user must be mailed if a new file is added to any of those subdirectories.

The user's email address is extracted from the file .emailaddress that you will have created previously and placed in the user's home directory. The beauty of removing the user's incrontab file and then creating it anew every time the script is run is that the rules that refer to old directories that have been deleted get flushed out of the incrontab file.

Say, over time, you have created subdirectories in Joe's home directory for Linux Magazine 75 (lm75), Linux Magazine 76 (lm76), Shell Special 02 (shell02), and Ubuntu User 04 (uu04). His personal incrontab file will end up looking like Listing 3.

Listing 3

User joe's incrontab File


The script, by the way, you'll have to write yourself. Mine is actually a Python (not Bash) script, and it sends a message with instructions on how to download the files via SSH, complete with tailored command lines (thanks again to the $@ variable) that the editors can copy and paste into a terminal.


Incron is fun! It gives you a very complete and powerful set of tools for monitoring and reacting to changes in your filesystem, saving you a ton of work and trouble by allowing you to link events and tasks.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Charly's Column

    While cron doggedly keeps to a fixed schedule, Incron monitors directories and runs commands when changes occur.

  • Charly's Column: iWatch

    Recently, sys admin Charly was faced with the task of synchronizing a directory on a server with two NFS-mounted clients. He wanted the whole thing to happen quickly and to be easily manageable, which ruled out DRBD and GlusterFS.

  • Security Lessons: System Rescue

    Kurt provides some tips and recommends some tools to help you detect signs of network intrusion and data corruption.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More