How to monitor what files are opened

command-line kernel filesystem

You could perhaps use audit system for that. It is a little heavyweight, but something like this should work (in /etc/audit/audit.rules):

# delete all other rules
-D

# watch the file in question
-w /path/to/file -p rwxa

and then I think you need to restart auditd:

sudo service audit restart

(In case you don't have it installed, it is in package auditd.) The culprit can then be found in /var/log/audit/audit.log.

Related

What is the efi/esp partition?
How to create a shortcut to start a Windows application with Wine?
HDMI not detected on Ubuntu 18.04
Adding table within the plotting region of a ggplot in r
Adding a closure as target to a UIButton
Java InputStream blocking read
Which should I use, -awakeFromNib or -viewDidLoad?
dataTable() vs. DataTable() - why is there a difference and how do I make them work together?
What is the use of the `inline` keyword in C?
Calculate time difference between Pandas Dataframe indices
Create a directory if it doesn't exist
Making GridView items square