List of content you will read in this article:
- 1. Using debugfs command
- 2. Find the file creation time with stat command.
- 3. Check file creation time in Linux using xfs_io command
- 4. Conclusion
For instance, if a system file was altered, you may quickly identify the modifications that were done.
There are several ways to check file creation time in Linux. This is helpful if you need to know the creation date of a file for troubleshooting purposes or to know some information about your files.
In this article, we'll explore three distinct approaches to finding file creation time in Linux.
Using debugfs command
The debugfs command is the most effective technique to check when a file is created in Linux. This tool can be used for debugging. It can also display details about a file, such as when it was created. The debugfs command can be used in two different ways, as explained in the following.
debugfs -R ‘stat file path’ /dev/device
For this debugfs command, you need the device path and file path that the device contains.
On a Linux system, information on disk space usage may be viewed using the df command. Additionally, you can use this command to get the device path for a certain file. You must use the following syntax to use this command:
df [options] filename
When you run this command, the output should resemble something like this:
# df -h /etc/fstab
Filesystem Size Used Avail Use% Mounted on
/dev/vda1 47G 2.2G 45G 5% /
The device path is shown in the "Filesystem" column.
debugfs -R ‘stat <inode>’ /dev/device
The inode number of the file you want to inspect must be obtained for the second technique.
A data structure called an inode is used to hold details about files. It includes details like the file's size, owner, group, rights, and creation time. On a Linux system, each file has its inode.
Using the ls -i command, you may determine a file's inode number. With this command, all the files in a directory are listed with their inode numbers.
You can check file creation time in Linux using the debugfs command and this inode number.
Find the file creation time with stat command.
A file's size, creation and modification times, among other details, can all be displayed with the stat command. You must use the syntax shown below when using the stat command:
stat [options] filename
The "Birth" column displays the file creation time.
If the Birth field in the stat command is blank, you need to upgrade the coreutils package to the most recent version, or you can use the debugfs technique.
The commands to check the coreutils package version are shown below. Version 8.32-4.1 is the least you need.
- rpm -qa|grep coreutils
- yum info coreutils
Check file creation time in Linux using xfs_io command
Another approach to finding the file creation time in Linux is with the xfs io command. The XFS filesystem includes this command, which can display details about a file, including the time the file was created.
You will need to know the path to the file you wish to inspect to use this command.
There is a ton of information about the file provided by the xfs io command. The "stat.btime" column displays the file creation time.
Conclusion
Linux OS may support numerous users, and system administrators, in particular, may find it useful to know when files were created.
For auditing purposes, it is essential to know which person is producing which sort of file because it can be infected with viruses. This is because various users have varied levels of skill.
To examine the file creation time in Linux, you might employ three alternative techniques. Every technique has benefits and drawbacks, so you must select the one that best meets your requirements.
People also read: