All you need to know about - Inotify

All you need to know about - Inotify

Nowadays, it is common to automate almost everything to keep pace with the fast-paced world with the available technologies and increased capabilities. Automation saves lots of time & helps in managing things efficiently. One such feature is Inotify, which was created by John McCutchan in 2005. Later it was incorporated into Linux kernel mainline released on August 29, 2005, with kernel version 2.6.13.

This Linux Kernel subsystem serves as a file change notification system. It addresses the major process of automating folder-monitoring mechanism to track a folder for each & every change.

How does Inotify Work?

The Inotify develops a mechanism for monitoring file system events, which watches individual files & directories. While monitoring directory, it will return events for that directory as well as for files inside the directory.

It has a significant benefit in desktop search utilities like Beagle, where its functionality allows reindexing of changed files. It frees you from the inefficient processes of checking the filesystem for changes. Besides, Inotify automatically updates directory views, reloads configuration files and logs changes, backups, synchronizes & uploads.

Inotify Installation

The Inotify package is not bundled with PHP by default. You need to download this extension from the PHP repository called PECL. Click here to find the detailed systematic information for installing this PECL extension.

With PECL, it is simple to make shared PHP extension by using the following command.

pecl install extname

 

The only thing you require to do is add the respective extension in the base command as shown below:

pecl install inotify

 

The above command will download the Inotify source, and install Inotify.so into your extension_dir.

The table below depicts the various Inotify extensions and their functions:

Inotify Extensions

Functions

inotify_init

Initializes an Inotify instance

inotify_add_watch

Appends a watch to the initialized Inotify instance

inotify_read

Reads events from the Inotify instance

inotify_queue_len

Returns a numeric above 0 if there are not executed events

inotify_rm_watch

Removes an existing watch from the Inotify instance

 

How Inotify can be implemented?

Just consider a scenario, where you need to auto-import a CSV file data to the database whenever a new file is uploaded to a specified folder. Here is a sample script to achieve the same in Linux server:

nohup php filename.php &

<?php stream_set_blocking($inoInst, 0);       // Sets non-blocking mode on a stream

$monitor_id = inotify_add_watch($inoInst, 'source_dir', IN_CREATE);    // Monitor if a file is created in source directory to watch

while(true)

{              

$events = inotify_read($inoInst);                    // Read events

 

if ($events[0]['wd'] === $monitor_id)             //If the event is happening within our 'source_dir'

    {                                                                        

           if($events[0]['mask'] === IN_CREATE)   // Checks for new file

               {

                 printf("Created file: %s in source_dir\n", $events[0]['name']);

               }            

      }

 }

inotify_rm_watch($inoInst, $monitor_id);      // Stop monitoring directory

 

fclose($inoInst);                                                     // Close the Inotify instance

?>

 

 

Source: Clarion Technologies

Next, create a file as “helloclarion.csv” and move it to the source folder specified. As soon as the above file is uploaded, a message is triggered as shown below:

Response:

Created file: helloclarion.csv in source_dir

 

Where Inotify can be used?

The requirement to scan a filesystem to trigger an action is a common one. A wide range of common tasks requires this mechanism, including:

  • Monitoring entire disk usage
  • Automatic cleanup in the face of a crash
  • Sending notification when the file upload completes
  • Tracking changes in system files
  • Alerting changes in configuration files

Real-time Application – Detection of Intrusion/Malware

Inotify is used in several antivirus systems and security apps, including Tripwire in order to discover any changes in the filesystem. With Inotify, anti-virus detectors re-scan the file system for modified files to detect if any malicious intrusions have occurred. This kind of applications use a user-space device through which Inotify events are triggered between the kernel and user-space applications. This device is connected to the kernel buffer in order to collect as well as temporarily store the filesystem events. As such, the user can be notified when the target file is overwritten with any malicious activity.

Limitations of Inotify

  • As Inotify is a Linux kernel subsystem, it runs only on Linux Operating System.
  • It doesn’t support monitoring recursive directories. Hence, you have to include a separate Inotify watch for each subdirectory, which needs to be monitored.
  • Renaming events are not addressed directly. Inotify provides 2 discrete events which must be audited as well as matched in potential race conditions.

Alternatives to Inotify

Since Inotify works only on Linux, here are other alternative options that offer similar solution:

  • File Alteration Monitor (FAM) – Subsystem supports UNIX like operating system. It enables applications to observe changes in the files and be alerted when they’re changed.
  • FSEvents – API in macOS enables apps to register for the alarm of changes to a directory tree.
  • Dnotify – Predecessor of Inotify. This file system monitor is still retained for compatibility reasons.

Inotify has been accepted as an effective way to monitor events in the Linux filesystem. It enables to monitor several events on files in your file system. Undeniably, it is a convenient way to manage files to be used in the applications.

Author

Table of Contents

Talk To Our Experts