The Disk menu is used to view summaries of disk space usage by user, group or filesystem. These reports help network administrators manage the space on network partitions.
To decrease the time needed to generate these summaries, EnlightenDSM creates a database, or snapshot, of the files in a filesystem. That snapshot is used to perform searches or generate reports.
The Disk menu can also be used to search for specific files.
The Disk menu options are:
Usage by Filesystem
Usage by Username
Usage by Groupname
File Search
Processes by Filesystem
Save Current Snapshots
Compare Snapshots
The features described in this chapter are part of the EnlightenDSM/Advanced product. A License Advisory window similar to the one shown on page 1-3 will appear if you attempt to access this menu with the Workgroup version.
To increase the speed of these programs and cut down on disk access time, EnlightenDSM creates a database (disk snapshot) of all files in the requested filesystem once and then uses this database to perform the required tasks. The amount of time needed to create this database is dependent on the size of the filesystem you wish to monitor.
To update the snapshot of a filesystem, highlight it in the list of filesystems and click the Rebuild button located on the right side of the menu bar. Then click the button for the process you want to update: User Sum., Group Sum., or File Search.
EnlightenDSM will display a window indicating when the last snapshot of your request was taken. If you want to refresh this disk snapshot, click the appropriate button. To save the new snapshot, see “Save Current Snapshots”.
 | Note: Disk summaries and searches are performed on this snapshot. Consequently, you should rebuild your snapshots periodically to reflect a more current state of the disk. |
You can use this command to view Disk Usage by Filesystem. A window showing all mounted file systems as well as their current usage of disk space and inodes will appear (Figure 7-1).
You now have the option to look at:
| User Sum. | Summarize disk usage by username | |
| Group Sum. | Summarize disk usage by user group | |
| File Search | Search for files based on search criteria | |
| Processes | View the processes using a filesystem | |
| Graph | Graph the disk usage |
Highlight the filesystems you wish to summarize, then click the User Sum. button. The Disk Usage Information By Users window will appear summarizing the disk usage by user for the highlighted filesystems. This window shows you the user name, real name, telephone number, number of files owned by the user, and total disk usage (in KB).
The disk usage summaries are based on previously taken disk snapshots. Consequently, the displayed data may not be current. To rebuild the disk snapshots before the summary is made, click the Rebuild button in the previous window. See “Building Snapshots” for more details.
Within the Disk Usage Information By Users window, you now have the following options:
| View Files | View a list of files owned by the user(s) and perform further operations on them | |
| Compare Snapshots |
| |
| Save Snapshots |
| |
| Graph | Graph the disk usage of the user(s) |
By highlighting specific Username entries and clicking on the View Files button, you can view a list of files owned by the highlighted users and then manipulate the file characteristics. For more details, refer to “View Files”.
You can compare the state of the current partition (snapshot) to that of one from a previous moment in time. You are able to view summaries of changes, see detailed lists of changes, and look for changes based on search criteria. To compare an existing snapshot to a previously saved one, highlight the disk partitions (filesystems) you want to compare and click the Compare Snapshot button to run the comparison. For more details, see “Compare Snapshots”.
To save existing snapshots, highlight the disk partitions you want to save and click the Save Snapshot button to create a dynamic new snapshot. For more details, see “Save Current Snapshots”.
Highlight the filesystems you wish to summarize, then click the Group Sum. button. The Disk Usage Information By Group window will appear summarizing the disk usage by user for the highlighted filesystems. This window shows you the group name, number of files owned by the group, and total disk usage (in KB).
The disk usage summaries are based on previously taken disk snapshots. Consequently, the displayed data may not be current. To rebuild the disk snapshots before the summary is made, click the Rebuild button in the previous window. See “Building Snapshots” for more details.
Within the Disk Usage Information By Group window, you now have the following options:
| View Files | View a list of files owned by the group(s) and perform further operations on them | |
| Compare Snapshots |
| |
| Save Snapshots |
| |
| Graph | Graph the disk usage of the group(s) |
By highlighting specific Groupname entries and clicking on the View Files button, you can view a list of files owned by the highlighted users and then manipulate the file characteristics. For more details, refer to “View Files”.
You can compare the state of the current partition (snapshot) to that of one from a previous moment in time. You are able to view summaries of changes, see detailed lists of changes, and look for changes based on a search criterion. To compare an existing snapshot to a previously saved one, highlight the disk partitions (filesystems) you want to compare and click the Compare Snapshot button to run the comparison. For more details, see “Compare Snapshots”.
To save existing snapshots, highlight the disk partitions you want to save and click the Save Snapshot button to create a dynamic new snapshot. For more details, see “Save Current Snapshots”.
There will be times when you need to perform disk file searches for information not readily apparent, such as file size, file types, creation date of a file, and who owns a particular file. Highlight the disk partitions (filesystems) you wish to query and click the File Search button to find, and then view, these files through a query process.
The File Search Query window will appear where you can enter your search criteria. If you do not fill in a field, it is not used as part of the search pattern.
You can use this command to display all currently running processes that are accessing the highlighted filesystems. To view the processes, highlight the filesystems you wish to view and then click the Processes button. A window will appear displaying all processes accessing the highlighted filesystems.
| Note: The Processes By Filesystem functionality does not work correctly in version 4.1x of the Sun operating system. The resulting report may be incomplete and/or display processes that are NOT associated with the selected partitions. |
You can use this command to see, at a glance, a summary of disk usage by user for currently mounted file systems. The Select Disk Partitions window will appear displaying all currently mounted file systems (Figure 7-2).
Highlight the appropriate disk partitions for summarizing from the list box and click the View User Summary button. The Disk Usage Information by Users window will appear (Figure 7-3). You can sort this information, mail it to selected users, or print it. Plus, you now have the following options:
| View Files | View a list of files owned by the user(s) and perform further operations on them | |
| Compare Snapshots |
| |
| Save Snapshots |
| |
| Graph | Graph the disk usage summary of the user(s) |
By highlighting specific Username entries and clicking the View Files button, you can further view a list of files owned by the highlighted users, as shown in the File Systems Detail window (Figure 7-4).
Now you can perform the following operations to further manipulate the files in the list box:
| Edit | Change the contents of the marked files | |
| View | View the contents of the marked files | |
| Stats | Display statistics about the marked files | |
| Delete | Remove the marked files from the system | |
| Backup | Back up the marked files | |
| chmod | Change the read, write, and/or execute permissions of the marked files | |
| chgrp | Change the group(s) to which the marked files belong | |
| chown | Change the owner of the marked files | |
| Custom | Define and execute a UNIX command on the marked files |
Use this command to edit files (`vi'). Highlight the files you wish to edit and click the Edit button. A pop-up confirmation window will appear. For each file, select Yes to edit the file, No to skip that file and go to the next one, All to edit all files, or Cancel to abort the command. You MUST utilize standard `vi' commands to edit any files (or a hex editor if this is a binary file).
When you quit `vi' with the :q command, the following message will appear: “Hit the Return key to continue”. This action will close the window and allow you to continue using other EnlightenDSM options.
Use this command to view the contents of files. Highlight the files you wish to view and then click the View button. A pop-up confirmation window will appear. For each file, select Yes to view the file, No to skip that file, All to view all files, or Cancel to abort the command. If you select Yes or All, EnlightenDSM will activate a window showing the contents of the file.
Once the (last) file is displayed, the following message will appear: “Hit the Return key to continue”. This action will close the window and allow you to continue using other EnlightenDSM options. You cannot use the View command to modify files.
Use this command to display a statistical summary for each file (Figure 7-5). Highlight the files you want and click the Stats button. A window will appear with the statistics for the highlighted file. If you selected more than one file, click the Next button to view statistics on the next file you selected.
Use this command to remove files from the system. Highlight the files you wish to delete and click the Delete button. EnlightenDSM will prompt you to confirm your action. Once a file has been deleted, it cannot be recovered.
| Note: If a selected file is actually a directory, EnlightenDSM will not remove it unless it is empty. If the directory is not empty, a status message will appear stating this. |
Use this command to make a back up copy of each highlighted file. Highlight the files you wish to back up and click the Backup button. A pop-up window will appear showing the different backup devices available. Select one of them. EnlightenDSM will then ask for confirmation before performing the backup.
During the backup, a window will display the progress of the backup. When the backup is complete, a summary log will be displayed in the same window. Press the <return> key to continue using other EnlightenDSM options.
| Note: If a selected file is actually a directory, only the directory itself will be backed up. Subfiles and/or subdirectories of the highlighted directory will NOT be backed up. |
Use the chmod command to manipulate the read, write, and/or execute permissions of a file. Highlight the files you wish to change and click the Chmod button. A pop-up window will appear showing the current set of permissions for that file (Figure 7-6).
You can enter the new permissions numerically in the first field or select the desired permissions from the available check boxes. Furthermore, you can specify the permissions be set as is, added on to, or subtracted from the current mode.
Once you've made your choices, click the Apply button. Another pop-up window will ask you to confirm your changes.
Use the chgrp command to change the group(s) to which a file or files belong. Highlight the files you wish to change and click the Chgrp button. A pop-up window will appear. Use this to specify the new group(s).
You can click the arrow button to access a list of valid User Groups. A window will appear showing all Groups. Highlight the desired Group(s) and then click the Apply button. You must specify a valid User Group name. Another pop-up window will ask you to confirm your changes.
Use the chown command to change the ownership of a file. Highlight the files you wish to change and click the Chown button. A pop-up window will appear. Use this to specify the new username.
You can click the arrow button to access a list of valid usernames. A window will appear showing all Users. Highlight a single user and click the Apply button. You must specify a valid username. Another pop-up window will ask you to confirm your changes.
Use this command to directly apply UNIX commands to files without having to exit EnlightenDSM. The commands entered can be any valid UNIX commands. Highlight the files you need to use for your custom command and click the Custom button.
A pop-up window will appear. Enter the appropriate UNIX command and click the Apply button. Another pop-up window will ask you to confirm your action. Once the command has executed successfully, the following message will appear: “Hit the Return key to continue”. This action will close the window and allow you to continue using other EnlightenDSM options.
| Note: EnlightenDSM supports using the character macro % as part of the command. If you use this macro, EnlightenDSM will replace it with the name of the current file. If not, EnlightenDSM will automatically append the name of the current file to the command before executing it. |
You can compare the state of the current partition (snapshot) to that of one from a previous moment in time. You are able to view summaries of changes, see detailed lists of changes, and look for changes based on a search criterion. To compare an existing snapshot to a previously saved one, highlight the disk partitions (filesystems) you want to compare and click the Compare Snapshot button to run the comparison.
To save existing snapshots, highlight the disk partitions you want to save and click the Save Snapshot button to create a dynamic new snapshot. For more details, see “Save Current Snapshots”.
You can use this command to see, at a glance, a summary of disk usage by user group for currently mounted file systems. The Select Disk Partitions window will appear displaying all currently mounted file systems (Figure 7-7).
Highlight the disk partitions you want to monitor from the list box and click the View Group Summary button. The Disk Usage Information By Group window will appear (Figure 7-8). Within this window, you now have the following options:
| View Files | View a list of files owned by the group(s) and perform further operations on them | |
| Compare Snapshots |
| |
| Save Snapshots |
| |
| Graph | Graph the disk usage of the group(s) |
By highlighting specific Groupname entries and clicking the View Files button, you can further view a list of files owned by the highlighted users and then manipulate the file characteristics. For more details, refer to “View Files”.
You can compare the state of the current partition (snapshot) to that of one from a previous moment in time. You are able to view summaries of changes, see detailed lists of changes, and look for changes based on a search criterion. To compare an existing snapshot to a previously saved one, highlight the disk partitions (filesystems) you want to compare and click the Compare Snapshot button to run the comparison. For more details, see “Compare Snapshots”.
To save existing snapshots, highlight the disk partitions you want to save and click the Save Snapshot button to create a dynamic new snapshot. For more details, see “Save Current Snapshots”.
There will be times when you need to perform disk file searches for information not readily apparent, such as file size, file types, creation date of a file, and who owns a particular file. You can use this command to find these files.
A window will appear listing all the currently mounted filesystems (Figure 7-9). Highlight the disk partitions (filesystems) you wish to query and then click the Search Parameters button.
The File Search Query window will then appear (Figure 7-10). You can now fill in the fields to use in your search pattern. If you do not fill in a field, it is not used as part of the search.
The rest of this section describes the functionality of this window's fields and buttons.
This window contains the following fields:
Find Filenames Like
Use this field to specify filenames to use in the search pattern. The filenames can contain the standard UNIX wild card matching characters `*', `?', and `[ ]'. This field will accept more than one entry. Leave a blank space between each unique filename for multiple entries.
Skip Filenames Like
This is the opposite of the Find Filenames like field. The filenames entered here create an exclusion list. Any filename entered here will NOT be matched by the search. This field uses the same format as the previous field.
File Size Between ... and
Every file residing on the system requires space. This space is referred to as the file size. Any input for these fields specifies the minimum and/or maximum file size a file can have as part of the search routine. If a file is smaller than the amount entered in the first field, the search routine will exclude it. Conversely, if the file is larger than the amount entered in the second field, the search routine will also exclude it. You can also use these two fields together to specify a range of file sizes in your search.
To change the default size, enter the data in the format N unit, where N is the numeric size to search for and unit is one of the following units of measure:
KB = Kilobytes
MB = Megabytes
GB = Gigabytes
You can either add the unit directly in the field or just add the numeric size and click the Bytes button to select the unit. The file size must be specified as a whole number.
# of Links Between ... and
Files on a UNIX system can have more than one name (every file is considered to have one link to its original name). If they do have more than one name they are referred to as linked files. In many cases a file may have more than one link.
Any input for these fields specifies the minimum and/or maximum links a file can have as part of the search routine. If the number of links for a file is smaller than the amount entered in the first field, the search routine will exclude it. Conversely, if the number of links is greater than the amount entered in the second field, the search routine will also exclude it. You can also use these two fields together to narrow the search to a specific link count range.
Older than
When a file is created, its creation date is stored by the filesystem in what is called an inode. Every time the file is modified the date of the modification is updated in the inode. Specifying an entry in this field will limit the search to any files created after the date entered. You can use one of two formats for the date. See Appendix C, “Time Formats,” for more details.
Newer
Specifying a date in this field (which has the same format as the previous field) will limit the search to any files created before the date entered. You can also use the Older than and Newer fields together to specify a range of creation times in your search.
Owner Names
Every file on the system has an owner. In most cases the owner is the user who created the file. Use this field to find only those files whose owners match the names of the users entered. Click the arrow button and a pop-up menu will appear listing all Owner names. Highlight the Owner names you wish to search on, then click the Apply button.
This field will accept more than one entry. Leave a blank space between each unique owner for multiple entries. To exclude any files owned by certain users, place a `!' before those usernames.
Group Names
Every file on the system belongs to a user group. Use this field to find only those files whose group ownership matches the user group names entered in this field. Click the arrow button and a pop-up menu will appear listing all Group Names. Highlight the Group Names you wish to search for, then click the Apply button.
This field will accept more than one entry. Leave a blank space between groups for multiple entries. To exclude any files owned by certain groups, place a `!' before those group names.
Use this field to select specific file types for the search. To do so, click in the box preceding the file description. You may select more than one file type. The default is all file types are used:
Regular file | Directory | Symbolic Link |
FIFO (pipe) | Block Special | Char Special |
Set Userid Bit | Set Groupid Bit | Sticky bit |
Socket |
|
|
This window contains the following buttons:
Execute Search
The search criteria may use one or any combination of the preceding fields. Once you've entered your search criteria, click the Execute Search button. The File Systems Detail window will appear with a list of the files that met the criteria. You may then execute more commands such as edit, delete, and chown to manipulate the displayed files' characteristics. See “View Files” for more details on how to use the File Systems Detail window.
Clear Fields
Click this button to clear the existing choices in all fields.
Close
Click this button to discard any changes and close the window.
You can use this command to display a report on all currently running processes associated with the highlighted Disk Partitions. The Select Disk Partitions window will appear displaying all currently mounted filesystems, along with where they are mounted (Figure 7-11).
Highlight the desired disk partitions you want to use to further examine their associated processes and click the View Processes button. The Processes By Filesystem window will appear (Figure 7-12).
| Note: The Processes By Filesystem functionality does not work correctly in version 4.1x of the Sun operating system. The resulting report may be incomplete and/or display processes that are NOT associated with the selected partitions. |
Then you can select a process and use the menu buttons to impact it, as described in the following subsections.
This command is very powerful and will immediately kill the highlighted process. This command will not kill related processes, so if there are child processes running they will become orphans and will have to be terminated separately. A pop-up window will prompt you for verification to terminate the process.
This command is similar to the Terminate command, except it provides enough time for the process to shut down properly. This means the process can close any files and terminate any child processes. A pop-up window will prompt you for verification to hang up the process.
This command stops a process from working, but it does not terminate the process. Essentially, this command puts a process on hold; it can be activated again at a later time. You must use the Continue command to re-activate a suspended process. A pop-up window will prompt you for verification to suspend the process.
This command allows you to re-activate a process that was previously put on hold by a Suspend command. A pop-up window will prompt you for verification to resume the process.
This command allows you to change the priority of a process. This priority determines when the CPU acts on a process. It may have a value from -20 to +20; the smaller the number, the higher the priority. Clicking the Priority button activates a Process Priority window. You can enter the desired priority or use the arrow buttons to make your selection.
EnlightenDSM creates disk snapshots (databases) for use in its monitoring of disk usage. These snapshots can be saved for historical purposes and then used to determine if changes have been made to a partition. They can also be used for security-related issues (see Appendix A, “EnlightenDSM Basics,” in the EnlightenDSM User Guide).
There are two ways to store a snapshot. You can store it as the Master Snapshot. This is a snapshot of what you believe is a secure system state. This is usually made before users are given access to the partition or after a system cleanup is done. Then you can use this Master state to gauge if changes are made over time to that partition.
The second way is similar to the first, except you can assign a name to the saved snapshot. These snapshots can then be used to represent intermediate states.
Either way, once you select this menu item, a window will appear listing all currently mounted filesystems (Figure 7-13). Highlight the disk partitions for which you want to make a current snapshot and click the Save Snapshot button.
The Save Selected Disk Snapshots window will appear (Figure 7-14). The names of the selected partitions are automatically imported into the Snapshot from the partition column in the window. You may also add other partition names or modify the existing ones.
Then you must choose for each partition whether to save the snapshot as the master snapshot (default) or not. If you do, click the Yes button in the Save as Master column. If not, click the No button and enter a unique name for this snapshot in the appropriate Save snapshot as field.
Once you've made all your selections, click the Save Snaphot button. EnlightenDSM will then notify you as each snapshot is saved. If you've requested an existing snapshot be overwritten, you will be prompted for confirmation before doing so.
Disk snapshots provide a detailed description of a disk partition at a given moment in time. You can use this menu item to compare the state of the current partition (snapshot) to that of one from a previous moment in time. A window will appear listing all currently mounted filesystems (Figure 7-15).
Highlight the disk partitions (filesystems) for which you would like to perform a comparison and click the Compare Snapshot button. The Select Saved Snapshots window will appear (Figure 7-16). You can use this window to look at a summary of the changes, view a detailed list of the changes, or search for changes based on a query process.
Within this window, you must decide, for each partition, if the comparison should be made against the partition's master snapshot or against another named snapshot for this partition.
To compare against a named snapshot, click the No button under the Compare to Master column. Then, enter the name of the previously saved snapshot in the appropriate Saved Snapshot field. You can also click the arrow button on the right to bring up a window containing a list of all saved snapshots for that partition and select one of them.
| Note: Partitions of the same name, but from different systems, can be compared. For example, the / partition from the host athens can be compared to the / partition from the host paris. You can use this to help maintain consistency of static partitions (partitions that should not change much) across hosts. |
Finally, you also need to choose how you want to compare the snapshots by selecting one of this window's buttons:
| Summary | Get a summary of the changes | |
| File List | Get a list of all changes | |
| Search | Search further for certain types of changes |
Click the Summary button to view a summary of the changes. Each user who had a file changed is listed in this window (Figure 7-17).
EnlightenDSM monitors file that are/have
New files
Lost files
Renamed files
Increased in size
Decreased in size
Changed modes
Been read
Been updated
New owners
New group owners
and shows in the list box how many files have changed in each category for every user displayed there.
| Note: The summary of snapshot comparisons is a time- consuming action, as are all disk comparison functions. It may take several minutes to gather all the information for large or multiple partitions. |
The rest of this subsection details how to use the Summary of Changes for Disk Partitions window buttons.
By highlighting specific Username entries and clicking the View Files button, you can view a more detailed list of file changes and then manipulate the file characteristics. To use the resulting List of Changed Files window, refer to “File List”.
Click the File List button to see a detailed list of all files that have been changed in some way. Every file that has changed (as listed in “Summary”) is detailed in this window (Figure 7-18).
Often, this report consists mostly of files that have been read. Consequently, the report can be very large. You may want to first run a Summary (see “Summary”) or Search for changes (see “Search”) before using the File List option.
This report is similar to that of previously described file lists, except an extra field is now included in the first column to describe the type of change that has occurred to the file.
| Note: If you've set the File list format field in your Session Preferences window to the Long Listing option, the filename in this listing is annotated to describe the change itself. For details on how to set your session preferences, refer to “Session Preferences”. |
The possible change types, their meanings, and the optional annotations (if the Long Listing option is set) are:
Code | Meaning | Annotation |
|---|---|---|
> | New file | None |
< | Lost file | None |
>> | File increased in size | (old size -> new size) |
<< | File decreased in size | (old size -> new size) |
>= | File has been updated | (Updated: date) |
== | File has been read | (Last read: date) |
U | New user ownership | (old owner-> new owner) |
G | New group ownership | (old owner-> new owner) |
M | New mode (permissions) | (old mode-> new mode) |
R | File has been renamed | (old filename is now new filename) |
Mode changes (M) include changes to file permissions, setuid, setgid, and programs with the sticky bit turned on.
Refer to “View Files” for a detailed description of how to use the List of File Changes window buttons.
Since many changes can occur to a partition over time, you may only want to look for specific types of changes. Click the Search button to define search criteria for the comparison you want to make. A window will appear providing a comprehensive set of search fields (Figure 7-19).
The rest of this subsection describes how to use this window's fields and buttons.
Find Filenames Like
Use this field to specify filenames to use in the search pattern. The filenames can contain the standard UNIX wild card matching characters `*', `?', and `[ ]'. This field will accept more than one entry. Leave a blank space between each unique filename for multiple entries. This is a good mechanism to use if you only want to check for changes in a certain area of a partition.
Skip Filenames Like
This is the opposite of Find Filenames Like field. The filenames entered here create an exclusion list. Any filename entered here will NOT be matched by the search. This field uses the same format as the previous field. This is a good way to ignore files that change on a regular basis and omit unnecessary entries in the report.
Use this field to find only those files whose owners match the names of the users entered. This field will accept more than one entry. Leave a blank space between each unique owner for multiple entries. To exclude any files owned by certain users, place a ! before those usernames. For example:
| root bin uucp | Only files belonging to users root, bin, or uucp | |
| !root !bin | All files except those belonging to users root and bin |
This field is similar to the Owner Names field, except you can specify user group names to use (or exclude) instead of user names.
Use this field to limit the search to files larger than a certain size. The default unit is bytes, but by appending one of the letters k, m, or g, the corresponding unit size of kilobytes (KB), megabytes (MB), or gigabytes (GB) will be used. This can be useful when you are looking for logfiles growing out of control.
This field is similar to the Min. File Size field, except you can specify the maximum file size allowed in the search.
Click the Yes button (the default) to search for new files that did not exist in the previously saved snapshot.
Include contents of new/lost dirs
When EnlightenDSM searches for new or lost files and it comes across a new/lost directory, this selection determines if the contents of the new/lost directory should be included in the search. Click the Yes button (the default) if you want EnlightenDSM to look at the complete contents of the new/lost directory in this case. Otherwise, click the No button to just put the name of the new/lost directory into any report results.
Lost Files
Click the Yes button (the default) to search for files that did exist in the previously saved snapshot and now no longer exist.
Attempt to determine renamed files
Sometimes, files are renamed. Normally this is considered to be the creation of a new file and the loss of the old one. Click the Yes button (the default) if you want EnlightenDSM to attempt to determine if the file has been renamed or not.
This check is not foolproof; it will only find a file being renamed (moved) within the same directory in which it was originally found.
Altered Files
Click the Yes button (the default) to search for files that have changed since the previously saved snapshot. There are many different ways a file can change. These can be selected and/or limited by using the following fields. The default value for all of these fields is also set to Yes.
Use this file to search for files that have either increased or decreased in size and/or to search for changes within certain ranges. In the second case, you may enter the range of size changes that should be searched for in the corresponding Ranges field.
Each size range should be separated by a blank space. The range can be prefixed by a minus (-) sign to denote a decrease in the size or a plus (+) sign to denote an increase in size. If no sign is given, then an increase in size is assumed. A range has the following format:
[+/-]<minsize>[<unit>]-[<maxsize>[<unit>]] |
The square brackets ([]) denote that the field is optional. The fields are:
| + | Search for files that have increased in size | |
| - | Search for files that have decreased in size | |
| <minsize> | The minimum size that file has changed in size | |
| <maxsize> | The maximum size that file has changed in size | |
| <unit> | The unit of size, with the possible units being: |
The following are all valid range examples:
| 1000 | File that increased in size by 1000 bytes | |
| -2K | File that decreased in size by 2 Kb (2048 bytes) | |
| 10% | File that increased in size by 10 percent | |
| 100-10K | File that increased by 100 bytes but not more than 10 Kb | |
| -10K-2M | File that decreased in size by 10Kb but not more than 2Mb |
Click the Yes button to search for files that have changed user ownership. Sometimes you may want to focus on changes in ownership for just a few users or a specific group of users (e.g., chown to root). In this case, you can specify those entries in the corresponding Ranges field. Leave a blank space between each unique username or user ID (UID) for multiple entries.
This field is similar to the User Ownership field, except you can specify user group names or group IDs (GIDs) to use instead of user names or user IDs (UIDs).
Click the Yes button to search for file permission changes. If you only want to look for specific mode changes (e.g., new setuid programs), you can specify those entries in the corresponding Ranges field. Leave a blank space between each set of mode changes for multiple entries.
You can use two formats to search for specific mode changes:
[+/-]<numeric mode> [+/-]<who><modes> |
Use the first format to search for added or lost permissions followed by UNIX style octal <numeric mode>. EnlightenDSM will search for files that have had one of the specified bits changed in the file permissions, for example, use +007 to look for any gaining of permissions for the other user type. Only experienced UNIX administrators should use this format.
Use the second format to search for where a type of user (<who>) and/or a type of mode (<modes>) permissions were added or lost.
The <who> permission values are:
| u | Look for changes to the user's permissions | |
| g | Look for changes to the group's permissions | |
| o | Look for changes to the others' permissions | |
| a | Look for changes to any of these permissions (user, group, and other). This is the default value. |
The <modes> permission values are:
| r | Look for changes to the read permissions | |
| w | Look for changes to the write permissions | |
| x | Look for changes to the execute permissions | |
| s | Look for changes to the setuid permissions | |
| t | Look for changes to the sticky bit permissions |
The following are examples of the second format:
| +orwx | Look for any gaining of permissions for other user types | |
| +s | Look for any files gaining setuid/setgid privileges | |
| -ax | Look for any loss of executable permissions for all user types |
Updated
Updated files are files that have been modified without having the size of the file increase or decrease. This often happens to database files where data in the middle of the file is replaced with new data. Click the Yes button if updated files should be part of the search.
Accessed (read)
Every time a file/program is read or executed, the access date is updated. Since many files are typically read or executed between snapshots, the list of read files may become quite long. Click the No button if read files should not be included in the search.
Execute Search
The search criteria may use one or any combination of the fields described in the previous section. Once you've entered your search criteria, click the Execute Search button. The List of Changed Files window will appear with a list of the files that met the criteria (Figure 7-20).
As mentioned previously, disk snapshot comparisons are time-intensive operations that may take time to complete.
From here, you can execute more commands such as edit, backup, and chown to manipulate the displayed files' characteristics. See “File List” for more details on using this window and “View Files” to use its buttons.
Clear Fields
Click this button to clear the existing choices in all fields.
Close
Click this button to discard any changes and close the window.