Tux

...making Linux just a little more fun!

Find what is created a given directory?

Suramya Tomar [security at suramya.com]


Thu, 28 Jan 2010 15:34:19 +0530

Hey,

I know it sounds kind of weird but I want to know if it is possible to identify what process/program is creating this particular directory on my system.

Basically, in my home folder a directory called "Downloads" keeps getting created at random times. The directory doesn't have any content inside it and is just an empty folder.

I thought that it was probably being created by one of the applications I run at the time but when I tried to narrow down the application by using each one separately and waiting for the directory to be created I wasn't able to replicate the issue.

I also tried searching on Google for this but seems like no one else is having this issue or maybe my searches are too generic.

I am running Debian Testing (Squeeze) and the applications I normally have running are:

* Firefox (3.6)
* Thunderbird (3.0.1)
* Dolphin (Default KDE 4.3.4 version)
* Konsole (3-4 instances)
* EditPlus using wine
* Amarok (1.4.10)
* ksensors
* Tomboy Notes
* xchat
* gnome-system-monitor

BTW, I noticed the same behavior when I was using Ubuntu last year (9.10).

Any idea's on how to figure this out? Have any of you noticed something similar on your system?

- Suramya

-- 
-------------------------------------------------
Name : Suramya Tomar
Homepage URL: http://www.suramya.com
-------------------------------------------------
************************************************************


Top    Back


Amit Saha [amitsaha.in at gmail.com]


Thu, 28 Jan 2010 15:36:29 +0530

Hey Suramya, TAG:

On Thu, Jan 28, 2010 at 3:34 PM, Suramya Tomar <security@suramya.com> wrote:

> Hey,
>
> I know it sounds kind of weird but I want to know if it is possible to
> identify what process/program is creating this particular directory on my
> system.
>
> Basically, in my home folder a directory called "Downloads" keeps getting
> created at random times. The directory doesn't have any content inside it
> and is just an empty folder.
>
> I thought that it was probably being created by one of the applications I
> run at the time but when I tried to narrow down the application by using
> each one separately and waiting for the directory to be created I wasn't
> able to replicate the issue.
>
> I also tried searching on Google for this but seems like no one else is
> having this issue or maybe my searches are too generic.
>
> I am running Debian Testing (Squeeze) and the applications I normally have
> running are:
>
> * Firefox (3.6)

With a 0.9 probability, I would guess its Firefox which creates this directory, for saving your "Downloads". But, http://oss.sgi.com/projects/fam/ may be a good candidate to look at to find the program doing this.

HTH, Amit

-- 
Journal: http://amitksaha.wordpress.com,
µ-blog: http://twitter.com/amitsaha
 
Freenode: cornucopic in #scheme, #lisp, #math,#linux, #python


Top    Back


Neil Youngman [ny at youngman.org.uk]


Thu, 28 Jan 2010 10:24:17 +0000

On Thursday 28 January 2010 10:04:19 Suramya Tomar wrote:

> I thought that it was probably being created by one of the applications
> I run at the time but when I tried to narrow down the application by
> using each one separately and waiting for the directory to be created I
> wasn't able to replicate the issue.

I'd try something like

rmdir ~/Downloads
while [ ! -d ~/Downloads ]; do sleep 1; done # Wait for directory to appear
lsof | grep Downloads     # see who is using directory

The above is completely untested.

If you look at the lsof man page you may find some helpful options to use.

HTH

Neil Youngman


Top    Back


Thomas Adam [thomas.adam22 at gmail.com]


Thu, 28 Jan 2010 11:33:38 +0000

On 28 January 2010 10:24, Neil Youngman <ny@youngman.org.uk> wrote:

> On Thursday 28 January 2010 10:04:19 Suramya Tomar wrote:
>> I thought that it was probably being created by one of the applications
>> I run at the time but when I tried to narrow down the application by
>> using each one separately and waiting for the directory to be created I
>> wasn't able to replicate the issue.
>
> I'd try something like
>
> rmdir ~/Downloads
> while [ ! -d ~/Downloads ]; do sleep 1; done # Wait for directory to appear
> lsof | grep Downloads     # see who is using directory
>
> The above is completely untested.

Why not use inotify?

http://www.ibm.com/developerworks/linux/library/l-ubuntu-inotify/index.html

Exactly what this was designed for,

-- Thomas Adam


Top    Back


Suramya Tomar [security at suramya.com]


Sat, 30 Jan 2010 23:28:14 +0530

Hey Amit,

>
> With a 0.9 probability, I would guess its Firefox which creates this
> directory, for saving your "Downloads". But,
> http://oss.sgi.com/projects/fam/ may be a good candidate to look at to
> find the program doing this.

That's what I thought, however if Firefox was the one creating the directory I would expect it to do it everytime I download something which is not the case here.

For example the last time the directory was created was at 5:23 am when I was sleeping and my computer was mostly idle.

Thanks for the link though, its a very interesting read.

- Suramya

-- 
-------------------------------------------------
Name : Suramya Tomar
Homepage URL: http://www.suramya.com
-------------------------------------------------
************************************************************


Top    Back


Suramya Tomar [security at suramya.com]


Sat, 30 Jan 2010 23:30:37 +0530

Hey Neil,

> rmdir ~/Downloads
> while [ ! -d ~/Downloads ]; do sleep 1; done # Wait for directory to appear
> lsof | grep Downloads     # see who is using directory
>
> The above is completely untested.
>

I tried the above but it didn't help. Basically what happened is that by the time the above condition was satisfied and the lsof command ran there was no process which was accessing that directory.

So it seems like the directory is created and then left alone. There is never any content created inside it.

Thanks for the advise though.

- Suramya

-- 
-------------------------------------------------
Name : Suramya Tomar
Homepage URL: http://www.suramya.com
-------------------------------------------------
************************************************************


Top    Back


Suramya Tomar [security at suramya.com]


Sat, 30 Jan 2010 23:31:29 +0530

Hi Adam,

> Why not use inotify?
>
> http://www.ibm.com/developerworks/linux/library/l-ubuntu-inotify/index.html
>
> Exactly what this was designed for,

Thanks for the hint. I will try it out and will keep the list posted on what I find out.

- Suramya

-- 
-------------------------------------------------
Name : Suramya Tomar
Homepage URL: http://www.suramya.com
-------------------------------------------------
 
                                                          
Disclaimer:
Any errors in spelling, tact, or fact are transmission errors.


Top    Back