For example to make a correct log file rotation or backup rotation or other kind of file rotation it is good to understand what kind of timestamp a file has and which one can be affected and how it can be affected. Here are documented the basic 3 linux commands that can be used to check, filter, and list those timestamps. These are the stat, the ls and the find command.
stat command
There are 3 kind of timestamps for a file:
Access – the last time the file was read
Modify – the last time the file was modified (content has been modified)
Change – the last time meta data of the file was changed (e.g. permissions, filename)
With the stat command can we see allthe 3 timestamps:
| # stat /var/log/backup/myserver_26_1_2012_02_00.tgz File: `/var/log/backup/myserver_26_1_2012_02_00.tgz’ Size: 2938286292 Blocks: 5744464 IO Block: 4096 Regular File Device: fd00h/64768d Inode: 117997600 Links: 1 Access: (0644/-rw-r–r–) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2012-02-17 15:54:23.000000000 +0100 Modify: 2012-01-26 02:19:43.000000000 +0100 Change: 2012-01-26 02:19:44.000000000 +0100 |
stat command info:
http://unix.stackexchange.com/questions/2464/timestamp-modification-time-and-created-time-of-a-file
find command
with find command we can look for files accourding to the 3 timestamps as well, but have to say that find have much more criteria.
atime – File Access Time
Access time shows the last time the data from a file was accessed – read by one of the Unix processes directly or through commands and scripts.
ctime – File Change Time
ctime also changes when you change file’s ownership or access permissions. It will also naturally highlight the last time file had its contents updated.
mtime – File Modify Time
Last modification time shows time of the last change to file’s contents. It does not change with owner or permission changes, and is therefore used for tracking the actual changes to data of the file itself.
n: If the integer n does not have sign this means exactly n 24-hour periods (days) ago, 0 means today.
+n: If it has plus sing, then it means “more then n 24-hour periods (days) ago”, or older then n,
-n: If it has the minus sign, then it means less than n 24-hour periods (days) ago (-n), or younger then n. It’s evident that -1 and 0 are the same and both means “today”.
ls command
With ls command can we list the files according to the 3 timestamps as well:
ls -l shows you the time of the last file modification – mtime.
ls -lu shows the last access time for this file – atime.
ls -lc shows the last time our file was changed – ctime
Sources:
atime, ctime and mtime in Unix filesystems:
http://www.unixtutorial.org/2008/04/atime-ctime-mtime-in-unix-filesystems/
Selectig a file by age:
http://www.softpanorama.org/Tools/Find/selecting_files_by_age.shtml
Using exec option in find command:
http://www.softpanorama.org/Tools/Find/using_exec_option_and_xargs_in_find.shtml
itsecworks 
March 16th, 2012 → 4:28 pm
[…] To understand the operation of the commands and the timing I made one more post here. […]