Re: /usr/bin/login patch question

From: Cy Schubert - ITSD Open Systems Group (
Date: 12/31/01

From: Cy Schubert - ITSD Open Systems Group <>
To: "Peter L. Ashford" <ashford@SDSC.EDU>
Date: Mon, 31 Dec 2001 11:25:44 -0800

In message <>,
"Peter L.
 Ashford" writes:
> The 'chmod' command does not change the modification time of the inode.
> This is also true for other, similar, commands ('chown', 'chgrp', etc.).
> That time is only changed when a write to the file is performed. There is
> a field in the inode ('ic_ctime') that should be updated when a 'chmod'
> command is executed. This information can be accessed with the '-c'
> option of 'ls'. I don't know how you could change Tripwire to do this,
> but it seems to me that it would be useful.

Ctime is not what it seems. Veritas NetBackup, for example,will by
default reset atime to what it was prior to a file being backed up,
causing ctime to be altered. This is definitely a nuisance, sometimes
even a show stopper, when performing forensic analysis after an event.

As you said this also affects tripwire. You an alter tripwire's policy
file to ignore ctime.

Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
Team Leader, Sun/Alpha Team Email:
Open Systems Group, ITSD
Ministry of Management Services
Province of BC
                    FreeBSD UNIX: