Sunday, September 1, 2013

Incrontab - linux


incron is according to its page:
This program is an “inotify cron” system. It consists of a daemon and a table manipulator. You can use it a similar way as the regular cron. The difference is that the inotify cron handles filesystem events rather than time periods.

As you can see, this is just the tool we need to accomplish this task.


Installation, should be very straight forward. Just use your Linux distribution package manager to install it. In my case using Arch Linux was:
pacman -S incron

The package came with a configuration example file: /etc/incron.conf.example which listed some other configuration files.

  • /etc/incron.allow : Here you configure the users allowed to use incron

  • /etc/incron.deny : Here you configure the users to deny the use incron

  • /etc/incron.d : This directory is examined by incrond for system table files.


Basically, all you need to run incron is:

  1. Create the file /etc/incron.allow (check in etc/incron.conf if that is the right file to allow users), and add root and your user

  2. Run: incrontab -e

  3. Enter the folder to watch, the event to look for, and the command to run if the event happens.

The syntax of incrontab is:

<folder> <mask> <command>


<folder> is: The absolute path to the folder to watch

<mask> is: A symbolic or numeric mask for events (see below)

<command> is: The command to run on events.


  • IN_ACCESS - File was accessed (read)

  • IN_ATTRIB - Metadata changed (permissions, timestamps, extended attributes, etc.)

  • IN_CLOSE_WRITE - File opened for writing was closed

  • IN_CLOSE_NOWRITE - File not opened for writing was closed

  • IN_CREATE - File/directory created in watched directory

  • IN_DELETE - File/directory deleted from watched directory

  • IN_DELETE_SELF - Watched file/directory was itself deleted

  • IN_MODIFY - File was modified

  • IN_MOVE_SELF - Watched file/directory was itself moved

  • IN_MOVED_FROM - File moved out of watched directory

  • IN_MOVED_TO - File moved into watched directory

  • IN_OPEN - File was opened

The IN_ALL_EVENTS symbol is defined as a bit mask of all of the above events. Two additional convenience symbols are IN_MOVE, which is a combination of IN_MOVED_FROM and IN_MOVED_TO, and IN_CLOSE which combines IN_CLOSE_WRITE and IN_CLOSE_NOWRITE.


<command> is the command that should be run when the event occurs. The following wildards may be used inside the command specification:

$$ dollar sign
$@ watched filesystem path (see above)
$# event-related file name
$% event flags (textually)
$& event flags (numerically)

If you watch a directory, then $@ holds the directory path and $# the file that triggered the event. If you watch a file, then $@ holds the complete path to the file and $# is empty.

If you need the wildcards but are not sure what they translate to, you can create an incron job like this:

/tmp/ IN_MODIFY echo "$$ $@ $# $% $&"
Then you create or modify a file in the /tmp directory and take a look at /var/log/syslog - this log shows when an incron job was triggered, if it succeeded or if there were errors, and what the actual command was that it executed (i.e., the wildcards are replaced with their real values).

tail /var/log/syslog

Aug 21 17:26:50 server1 incrond[7111]: (root) CMD (echo "$ /tmp huhu IN_CREATE 256")

In this example I've created the file /tmp/huhu; as you see $@ translates to /tmp, $# to huhu, $% to IN_CREATE, and $& to 256.


No comments:

Post a Comment