使用inotify 监控文件创建、修改

例子为：使用inotify 监控文件创建，可用于安全防护，在创建文件时，检测文件内容，以及后续的操作。
监控类型在/usr/include/sys/inotify.h头文件查看

#define IN_ACCESS        0x00000001     /* File was accessed.  */
#define IN_MODIFY        0x00000002     /* File was modified.  */
#define IN_ATTRIB        0x00000004     /* Metadata changed.  */
#define IN_CLOSE_WRITE   0x00000008     /* Writtable file was closed.  */
#define IN_CLOSE_NOWRITE 0x00000010     /* Unwrittable file closed.  */
#define IN_CLOSE         (IN_CLOSE_WRITE | IN_CLOSE_NOWRITE) /* Close.  */
#define IN_OPEN          0x00000020     /* File was opened.  */
#define IN_MOVED_FROM    0x00000040     /* File was moved from X.  */
#define IN_MOVED_TO      0x00000080     /* File was moved to Y.  */
#define IN_MOVE          (IN_MOVED_FROM | IN_MOVED_TO) /* Moves.  */
#define IN_CREATE        0x00000100     /* Subfile was created.  */
#define IN_DELETE        0x00000200     /* Subfile was deleted.  */
#define IN_DELETE_SELF   0x00000400     /* Self was deleted.  */
#define IN_MOVE_SELF     0x00000800     /* Self was moved.  */
/* Events sent by the kernel.  */
#define IN_UNMOUNT       0x00002000     /* Backing fs was unmounted.  */
#define IN_Q_OVERFLOW    0x00004000     /* Event queued overflowed.  */
#define IN_IGNORED       0x00008000     /* File was ignored.  */
/* Helper events.  */
#define IN_CLOSE         (IN_CLOSE_WRITE | IN_CLOSE_NOWRITE)    /* Close.  */
#define IN_MOVE          (IN_MOVED_FROM | IN_MOVED_TO)          /* Moves.  */
/* Special flags.  */
#define IN_ONLYDIR       0x01000000     /* Only watch the path if it is a
                                           directory.  */
#define IN_DONT_FOLLOW   0x02000000     /* Do not follow a sym link.  */
#define IN_EXCL_UNLINK   0x04000000     /* Exclude events on unlinked
                                           objects.  */
#define IN_MASK_ADD      0x20000000     /* Add to the mask of an already
#define IN_ONESHOT       0x80000000     /* Only send event once.  */
/* All events which a program can wait on.  */
#define IN_ALL_EVENTS    (IN_ACCESS | IN_MODIFY | IN_ATTRIB | IN_CLOSE_WRITE
                          | IN_CLOSE_NOWRITE | IN_OPEN | IN_MOVED_FROM
                          | IN_MOVED_TO | IN_CREATE | IN_DELETE
                          | IN_DELETE_SELF | IN_MOVE_SELF)

监控制定目录下面创建文件和目录

#include 
#include 
#include 
#include 
#include 
#define	EVENT_SIZE ( sizeof(struct inotify_event) )
#define	BUFF_LEN ( 1024 * ( EVENT_SIZE + 16 ))
int main(void)
{
    int	length, i = 0;
    int	fd;
    int	wd;
    char	buff[BUFF_LEN];
    fd = inotify_init();
    if ( fd < 0) {
        perror("inotify_init error:");
        exit(-1);
    }
    wd = inotify_add_watch(fd, "/home/key1088/code/c/test", IN_CREATE);
    struct inotify_event *event;
    while ( 1 ) {
        memset(buff, 0x00, sizeof(buff));
        length = read(fd, buff, BUFF_LEN);
        if ( length < 0) {
            perror("read:");
        }
        event = ( struct inotify_event * ) &buff[ i ];
        if ( event->len ) {
            if (event->mask & IN_CREATE) {
                if(event->mask & IN_ISDIR) {
                    printf("create dir,dirname=[%s]n", event->name);
                }else{
                    printf("create file,filename=[%s]n", event->name);
                }
            }
        }
    }
    inotify_rm_watch(fd, wd);
    close(fd);
    return 0;
}

参考：http://www.ibm.com/developerworks/cn/linux/l-ubuntu-inotify/