How to trigger commands on File/Directory changes with Incron on Debian
This guide shows how you can install and use incron on a Debian 8 (Jessie) system. Incron is similar to cron, but instead of running commands based on time, it can trigger commands when file or directory events occur (e.g. a file modification, changes of permissions, etc.).
- System administrator permissions (root login). All commands in this tutorial should be run as root user on the Shell.
- I will use the editor "nano" to edit files. You may replace nano with an editor of your choice or install nano with "apt-get install nano" if it is not installed on your server.
2 Installing Incron
Incron is available in the Debian repository, so we install incron with the the following apt command:
apt-get install incron
The installation process should be similar to the one in this screenshot.
3 Using Incron
Incron usage is very much like cron usage. You have the incrontab command that let's you list (-l), edit (-e), and remove (-r) incrontab entries.
To learn more about it, see:
There you also find the following section:
If /etc/incron.allow exists only users listed here may use incron. Otherwise if /etc/incron.deny exists only users NOT listed here may use incron. If none of these files exists everyone is allowed to use incron. (Important note: This behavior is insecure and will be probably changed to be compatible with the style used by ISC Cron.) Location of these files can be changed in the configuration.
This means if we want to use incrontab as root, we must either delete /etc/incron.allow (which is unsafe because then every system user can use incrontab)...
rm -f /etc/incron.allow
... or add root to that file (recommended). Open the /etc/incron.allow file with nano:
And add the following line. Then save the file.
Before you do this, you will get error messages like this one when trying to use incrontab:
server1:~# incrontab -l
user 'root' is not allowed to use incron
Afterwards it works:
server1:~# incrontab -l
no table for root
We can use the command:
To create incron jobs. Before we do this, we take a look at the incron man page:
man 5 incrontab
The manpage explains the format of the crontabs. Basically the format is as follows...
<path> <mask> <command>
...where <path> can be a directory (meaning the directory and/or the files directly in that directory (not files in subdirectories of that directory!) are watched) or a file.
<mask> can be one of the following:
IN_ACCESS File was accessed (read) (*)
IN_ATTRIB Metadata changed (permissions, timestamps, extended attributes, etc.) (*)
IN_CLOSE_WRITE File opened for writing was closed (*)
IN_CLOSE_NOWRITE File not opened for writing was closed (*)
IN_CREATE File/directory created in watched directory (*)
IN_DELETE File/directory deleted from watched directory (*)
IN_DELETE_SELF Watched file/directory was itself deleted
IN_MODIFY File was modified (*)
IN_MOVE_SELF Watched file/directory was itself moved
IN_MOVED_FROM File moved out of watched directory (*)
IN_MOVED_TO File moved into watched directory (*)
IN_OPEN File was opened (*)
When monitoring a directory, the events marked with an asterisk (*) above can occur for files in the directory, in which case the name field in the
returned event data identifies the name of the file within the directory.
The IN_ALL_EVENTS symbol is defined as a bit mask of all of the above events. Two additional convenience symbols are IN_MOVE, which is a combination of IN_MOVED_FROM and IN_MOVED_TO, and IN_CLOSE which combines IN_CLOSE_WRITE and IN_CLOSE_NOWRITE.
The following further symbols can be specified in the mask:
IN_DONT_FOLLOW Don't dereference pathname if it is a symbolic link
IN_ONESHOT Monitor pathname for only one event
IN_ONLYDIR Only watch pathname if it is a directory
Additionaly, there is a symbol which doesn't appear in the inotify symbol set. It is IN_NO_LOOP. This symbol disables monitoring events until the current one is completely handled (until its child process exits).
<command> is the command that should be run when the event occurs. The following wildards may be used inside the command specification:
$$ dollar sign
[email protected] watched filesystem path (see above)
$# event-related file name
$% event flags (textually)
$& event flags (numerically)
If you watch a directory, then [email protected] holds the directory path and $# the file that triggered the event. If you watch a file, then [email protected] holds the complete path to the file and $# is empty.
If you need the wildcards but are not sure what they translate to, you can create an incron job like this. Open the incron incrontab:
and add the following line:
/tmp/ IN_MODIFY echo "$$ [email protected] $# $% $&"
Then you create or modify a file in the /tmp directory and take a look at /var/log/syslog - this log shows when an incron job was triggered, if it succeeded or if there were errors, and what the actual command was that it executed (i.e., the wildcards are replaced with their real values).
Sep 16 10:14:35 server1 incrond: (root) CMD (echo "$ /tmp .hello.txt.swp IN_MODIFY 2")
Sep 16 10:14:36 server1 incrond: (root) CMD (echo "$ /tmp .hello.txt.swp IN_MODIFY 2")
Sep 16 10:14:39 server1 incrond: (root) CMD (echo "$ /tmp hello.txt IN_MODIFY 2")
Sep 16 10:14:39 server1 incrond: (root) CMD (echo "$ /tmp .hello.txt.swp IN_MODIFY 2")
In this example I've edited the file /tmp/hello.txt; as you see [email protected] translates to /tmp, $# to hello.txt, $% to IN_CREATE, and $& to 256. I used an editor that created a temporary .txt.swp file which results in the additional lines in syslog.
Now enough theory. Let's create our first incron jobs. I'd like to monitor the file /etc/apache2/apache2.conf and the directory /etc/apache2/vhosts/, and whenever there are changes, I want incron to restart Apache. This is how we do it:
/etc/apache2/apache2.conf IN_MODIFY /usr/sbin/service apache2 restart /etc/apache2/sites-available/ IN_MODIFY /usr/sbin/service apache2 restart
That's it. For test purposes you can modify your Apache configuration and take a look at /var/log/syslog, and you should see that incron restarts Apache.
NOTE: Do not do any action from within a incron job in a directory that you monitor to avoid loops. Example: When you monitor the /tmp directory for changes and each change triggers a script that writes a log file in /tmp, this will cause a loop and might bring your system to high load or even crash it.
To list all defined incron jobs, you can run:
server1:~# incrontab -l
/etc/apache2/apache2.conf IN_MODIFY /usr/sbin/service apache2 restart
/etc/apache2/vhosts/ IN_MODIFY /usr/sbin/service apache2 restart
To delete all incron jobs of the current user, run:
server1:~# incrontab -r
removing table for user 'root'
table for user 'root' successfully removed