[CentOS] Finding wich files a writen to

Thu May 5 02:02:38 UTC 2011
Nicolas Ross <rossnick-lists at cybercat.ca>

> Just out of curiosity I decided to write a simple script which checks all the
> files from all pids on the system.
> Here is what I got:
>    http://hydra.azilian.net/scripts/read_fds.pl
> The idea is to read all the /proc/PID/fdinfo/ files and check the difference in
> the pos lines (the position in the file descriptor). This is both write and
> read position depending on how the application has opened the file.
> So in the end it lists all pids and the respective FDs which have changes:
> hackman at gamelon:~$ sudo ./read_fds.pl 4
> Pid: 14229 Position change:         22 blocks FD:   4(/home/hackman/f2.tst)
> Pid: 14229 Position change:         12 blocks FD:   3(/home/hackman/f1.tst)
> The argument to the script is the sleep between the two checks.
> I have tested the script on a few production servers... It works as a charm :)
> Thank you for the good question... now I have one good tool in my arsenal :)
This is excellent, and sooo clever... Except that I don't have the 
/proc/*/fdinfo directories. It seems that theses directories appeared in 
2.6.22, and, since I am in centos5, I only have 2.6.18...

I tested it on SL6 machine, and it works perfectly... Upgrade is not an 
option for the moment for the machine I have the problem with.