Hi you can try to use the kernel audit facility: 1) enable the auditd daemon: service auditd start 2) enable audit for the home directory (only audit write operations to the directory inode); the command is not recursive and you cannot use wildcards auditctl -w /home/user -pw 3) after a file disapears use ausearch to find who removed it (and what command was used to remove it); suppose file "test" was removed ausearch -f /home/user/test Radu On Jan 4, 2008 11:25 AM, Christopher Thorjussen <Christopher.Thorjussen at carrot.no> wrote: > > > You can enable auditing to determine if the files are disappearing due > to human/machine intervention (audit file system deletes) or if it is > due to file system corruption (files disappear and no delete audits > recorded). > > > > It may just be an errant rsync script. > > > > -Ross > > How do I enable auditing of the home dir? > > /Christopher > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >