Linux – How to “shadow” the filesystem on Linux

filesystems, linux

On a Linux environment sometimes I need to run a script as root which will add/modify several files on my fs.

Basically I'd like to know exactly which files are modified and how WITHOUT opening the script and trying to guess the code.

I was thinking about using something like unionfs: the main fs would be accessible in read-only mode and all changes are written on a file used as a partition and "mounted" in write mode.

Are there other ways to achieve the same goal (i.e. other than unionfs)?

Best Answer

An example for the LVM solution mentioned before.

Caveat: The filesystem you want to diff has to be on an LVM logical volume! (And you have to have some free space on disk.)

# lvcreate --size 2G --name your-fs-snapshot --snapshot /dev/vg0/your-fs 
  Logical volume "your-fs-snapshot" created

This takes a snapshot of /dev/vg0/your-fs at that moment. Then, do the changes you want to have recorded.

You can mount your snapshot as a copy of your-fs in the original state and diff with the tool of your choice, e.g. diff.

# mount /dev/vg0/your-fs-snapshot /mnt
# diff -qr /original/volume/subdir /mnt/subdir

Do not forget to unmount and remove your snapshot, since while doing this, changes to the original volume are recorded as reverse diffs to the snapshot - until that fills up.

# umount /mnt
# lvremove /dev/vg0/your-fs-snapshot 
Do you really want to remove active logical volume your-fs-snapshot? [y/n]: y
  Logical volume "your-fs-snapshot" successfully removed

Hint: If your logical volume contains a partition-table, you can add device entries via:

# kpartx -av /dev/vg0/your-disk-snapshot
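
The diff step from the answer above, as an added example that is not part of the original answer: `diff -q` compares file contents only, so a script that changes just a file's mode or owner leaves no trace in its output. The sketch below compares the mounted snapshot with the live tree on type, mode, owner and SHA-256; the function names `manifest` and `compare_trees` are made up here, and GNU `find`, `stat` and `sha256sum` are assumed.

```shell
#!/bin/sh
# Added example: compare a mounted snapshot with the live tree on type, mode,
# owner and content. Assumes GNU find/stat/sha256sum; run as root so every file
# is readable. Limitation: paths containing tabs or newlines are not handled.

# manifest DIR: one line per entry, "path<TAB>type|mode|uid:gid<TAB>content".
manifest() {
    ( cd "$1" && find . -mindepth 1 -exec sh -c '
        for p do
            meta=$(stat -c "%F|%a|%u:%g" -- "$p")      # lstat: links not followed
            if [ -L "$p" ]; then sum="-> $(readlink "$p")"
            elif [ -f "$p" ]; then sum=$(sha256sum < "$p" | cut -d" " -f1)
            else sum=-                                  # dirs, devices, sockets
            fi
            printf "%s\t%s\t%s\n" "$p" "$meta" "$sum"
        done' sh {} + )
}

# compare_trees BEFORE AFTER: print ADDED / REMOVED / CHANGED lines, sorted.
compare_trees() (
    before=$(mktemp) && after=$(mktemp) || exit 1
    manifest "$1" > "$before"
    manifest "$2" > "$after"
    awk -F'\t' '
        FILENAME == ARGV[1]         { old[$1] = $2 "\t" $3; next }
        !($1 in old)                { print "ADDED\t" $1; next }
        old[$1] != ($2 "\t" $3)     { print "CHANGED\t" $1 "\t" old[$1] " => " $2 "\t" $3 }
                                    { delete old[$1] }
        END { for (p in old) print "REMOVED\t" p }
    ' "$before" "$after" | LC_ALL=C sort
    rm -f "$before" "$after"
)

# Usage with the paths from the answer (snapshot mounted on /mnt):
#   compare_trees /mnt/subdir /original/volume/subdir
```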