Find out which process is writing into a specific directory

linux

Solution 1:

Use kernel audit subsystem

auditctl -w /some/dir/ -p war -k whatsgoingon

That sets up a hook waiting for something happening under /some/dir/.

Then make sure you have auditd daemon running. After that just wait until files appear and see from /var/log/auditd.log or wherever it in your system writes and read what happened and by what process.

Solution 2:

Try lsof +r2 | grep '/some/dir'. This will show processes accessing /some/dir and refresh every 2 seconds.

Related

Would upgrading RAM in a HP LaserJet printer improve its performance?
Is fingerprint authentication secure?
How to check if Apache compression is working?
How to find out if a terminal supports UTF-8
What does ::1 mean?
how to SSH to EC2 without explicitly using the pem key?
How to write ISO image to usb memory stick from linux command-line?
How do I get Centos VM to re-read its increased Disk size WITHOUT a reboot
What can be learned about a user from a failed SSH attempt?
What do I need to mount devices with threaded round holes in a server rack with square holes?
CentOS 7 Firewall Configuration
Dynamically blocking excessive HTTP bandwidth use?