Get last modified and change date of file in linux

By | 30 October, 2015

Short post to keep things simple, and i also have better things to do:

You had a great script doing skynet stuff on your server, but you noticed it stopped tracking the missile network sometime last week. Could someone have changed it? You know the last time you edited it, sometime around november 1976, so let’s check if someone else edited it since then.

Consider the file is named “”

if you do this:

[user]$ stat

you get something like this:

File: `'
Size: 7               Blocks: 8          IO Block: 4096   regular file
Device: fd00h/64768d    Inode: 2656236     Links: 1
Access: (0664/-rw-rw-r--)  Uid: (  506/user)   Gid: (  506/user)
Access: 2015-10-30 14:52:07.000000000 +0000
Modify: 2015-10-26 15:17:02.000000000 +0000
Change: 2015-10-28 05:12:03.000000000 +0000

So some bastard modified it on october 26th and changed it on the 28th. Who did it? Well, thats not as easy, but you can go dig through the bash history if you are inclined to it.

To make things clear:

last access: Time when file data last accessed. Changed by the mknod(2), utimes(2) and read(2) system calls.
last modified: Time when file data last modified. Changed by the mknod(2), utimes(2) and write(2) system calls.
last changed: Time when file status was last changed (inode data modification). Changed by the chmod(2), chown(2), link(2), mknod(2), rename(2), unlink(2), utimes(2) and write(2) system calls.

On a side note for the more distracted: doing a stat [file] does not change its access date stamp. “Access” means reading its contents.

Where you can find out more (and what i read to find out myself):
Regarding access time linux
Linux stat command with examples (There’s some cool info here)