Incron command in Linux with Examples

Incron is an “inotify cron” system. It works very much like the regular cron, however, cron jobs are triggered by a moment in time (every Sunday, once a day at 12 am and so on), whereas incron jobs are triggered by filesystem events (such as creating, deleting or modifying files or directories). Here are few examples where incron can be used:  

• Monitoring file usage and statistics
• Notifying programs (e.g. server daemons) if changes are made in the configuration files.
• Protecting against changes in the critical files.
• Automatic on-change backup or versioning.
• Processing uploaded files.

Note: As incron is not recursive, so you have to also add all the sub-directories that you want it to watch. Do not do any action from within an incron job in a directory that you monitor to avoid loops.  

Installing and Configuring Incron:

Use the following command to install incron.  

$sudo apt-get install incron

Configuration: To configure incron access we have to configure /etc/incron.allow and /etc/incron.deny files.  

• /etc/incron.allow : If this file exists only users listed here may use incron.
• /etc/incron.deny : If this file exists only users NOT listed here may use incron.

If none of these files exists every user on the system is allowed to use incron. 
 

Syntax: 

<path>  <mask>  <command>

Here: 

• <path>is absolute path of the directory to watch.
• <mask> is event mask(in symbolic or numerical form).

Event Symbols (Masks): 
IN_ACCESS File was accessed (read). 
IN_ATTRIB Metadata changed (permissions, timestamps, extended attributes, etc.). 
IN_CLOSE_WRITE File opened for writing was closed. 
IN_CLOSE_NOWRITE File not opened for writing was closed. 
IN_CREATE File/directory created in watched directory. 
IN_DELETE File/directory deleted from watched directory. 
IN_DELETE_SELF Watched file/directory was itself deleted. 
IN_MODIFY File was modified. 
IN_MOVE_SELF Watched file/directory was itself moved. 
IN_MOVED_FROM File moved out of watched directory. 
IN_MOVED_TO File moved into watched directory. 
IN_OPEN File was opened.

• <command> is executable file (or script) with its arguments.

The following wildcards may be used inside the command specification. 
$$ Prints a dollar sign 
$@ Add the watched filesystem path 
$# Add the event-related file name 
$% Add the event flags (textually) 
$& Add the event flags (numerically)  

Setting Up Incron

After installation and configuration, you need to start incron daemon by using the following command: 
 

$ /etc/init.d/incrond start
        OR
$ systemctl start incron.service

You can check incron status using:  

$ systemctl status incron.service

Now you have to add your user or root to the /etc/incron.allow config. file so that user can access crontab.  

$ sudo nano /etc/incron.allow

Using incrontab commands you can list (-l), edit (-e), and remove (-r) incrontab entries. 

$ incrontab -l
$ incrontab -e
$ incrontab -r 

Monitoring a file

Suppose, we want to monitor a file( /tmp/gfg/myfile.txt ) and for every change, we want to log the date and time of the modification to a log file( /tmp/logs/mylogs.txt ). 

1. The content of “myfile.txt” are displayed below. 

2. Create a script with name “action.sh” that will log the date and time to the log file, we will run this script every time changes are made to the myfile.txt. 

3. Now you can edit crontab using command.  

$ crontab -e:

4. Now let’s make changes to myfile.txt. 

5. If we see logs we can see the date and time of changes. 

Monitoring a directory

Now let’s monitor directory( /tmp/gfg/) and for every new File/directory we log the date and time of the creation to a log file( /tmp/logs/mylogs.txt ). 
1. Open incrontab file. Here we are passing “$#” wildcard in the command which will pass the event-related file name to the command. 

2. We will update action.sh. Here we are using “$#” wildcard which was passed as a argument. 

3. Now let’s try it out by creating a new file in our gfg directory and see the resultant in log file: