If you want to perform a task every time a specific event occurs, you could employ various techniques for polling or log watching; however, Linux provides a more general solution in the form of a tool called incron. Incron uses the inotify subsystem [1] to listen for events that affect a filesystem, such as opening, creating, or deleting a file; accessing a directory; or changing an attribute.

The name incron suggests the common cron utility [2]; however, cron jobs are triggered by a moment in time (every Friday, once a day at 3 am, in August, etc.), whereas incron is triggered by file or directory events. The gears in your head are probably already spinning, thinking of all the potential uses of incron. So, in this article, I describe how to set up incron and put it to work in some simple examples.

Getting incron

The incron tool set is not usually preinstalled by default in most distros, but because it is an implementation of the inotify subsystem (see the box "The Origin of incron"), it is likely in your distro's repository, so you can install it through the package manager. However, if for some reason you can't install the necessary packages from your distro's repos, you can download the latest version [3] and build from source.

Note that incron is a relatively recent technology – the inotify notification framework was first implemented in kernel 2.6.13 – so if you're running an older kernel, incron will not work.

Incron comprises several bits and pieces, of which the main component is the incrond daemon. This daemon installs into /etc/init.d. Depending on your system, it can be started with one of the following commands

# /etc/init.d/incrond start
# /etc/init.d/incron start

or, if you're using systemd,

# systemctl status incron.service

or any variation thereof.

Hello incron!

Once the daemon is running, you can create your own particular "Hello World!" In this first project, I'll create a logfile and add a line to it every time a file is added to a monitored directory.

First, I create the directory I want to monitor:

$ mkdir my_dir

The incron system is similar to cron in that it saves a file for each user. This file, called incrontab, contains the events you want to monitor linked to the actions you want to run. Although you could edit this file by hand (I'll look at that a bit later), the done way of doing things is to use the incrontab instruction with, in this case, the -e (for edit) argument:

incrontab -e

This command opens the file for the current user in the preconfigured default editor – that is, whatever your $EDITOR environment variable points to (or vi if it isn't pointing to anything). As with cron, each event/task pair has to be on one line and comprises:

1. <a path> – the path to the directory or file to monitor.
2. <a mask> – the events to monitor (see Table 1).
3. <a command> – the action to run. It can be an individual command or a script that runs from the shell.

In this example, incrontab will contain a single line:

/home/<user>/my_dir IN_CREATE /home/<user>/bin/hello.sh

The hello.sh file contains the very short script,

#!/bin/bash
echo "File created." >> /home/<user>/file_log

where <user> is the username of interest. For this command to work, you must make hello.sh executable with:

chmod a+x bin/

Once you have saved and closed the user's incrontab file, the program will show the message table updated, indicating the changes have been registered. Now, if you create a file in my_dir by typing, for example,

$ touch my_dir/file1.txt

the file_log file will appear in your home directory containing the line File created.

Note the first limitation of incron: Compound operations, such as the echo instruction that redirects its output to a file in hello.sh, must be wrapped in shell script, or incron will choke. Because incron is not a shell command interpreter, it does not understand such things as the redirections, pipes, and globbings that make up a compound instruction. The only thing incron can use in the command section of the line is the instruction's name and its parameters. For example, this command

/home/paul/my_dir IN_CREATE echo "File created." >> /home/paul/file_log

would not work as expected, because it would be interpreted as follows:

• echo is the instruction to run (correct).
• "File created." is a parameter for echo (also correct).
• >> is another argument for echo (incorrect).
• /home/paul/file_log is also an argument for echo (also incorrect).

This behavior is the default for incron, so it won't generate any errors in its logs. (You can track incron's errors or lack thereof by checking /var/log/cron.) Incron simply ignores what it doesn't understand and carries on.

This example also illustrates the second limitation of incron: In the incrontab line, you have to specify the complete absolute path to the executable that, in this case, lives in the user's own bin/ directory. Although this directory might be included in the user's own $PATH environment variable, the incron daemon runs as superuser, so the executable would have to be in the root's $PATH for the daemon to find it; otherwise, you have to specify the absolute path. Thus, you must make sure your executable is in /bin, /usr/bin, /usr/local/bin, or somewhere equally accessible, or point to the program with an absolute path.

Wild Cards

This "Hello World" incron program is as silly as any other, but with a couple of small changes you can modify it to make it much more useful. For example, registering the name of a created file in the logfile is easy. Incron provides a series of default variables (for some reason called "wildcards" in incron jargon) that contain this kind of information. (See Table 2 for a full list.) For the time being, $#, which contains the name of the file affected by the event, is of interest.

Open your incrontab file again (incrontab -e) and change your monitoring line to:

/home/paul/my_dir IN_CREATE /home/paul/bin/hello.sh $#

Next, modify your hello.sh script to:

#!/bin/bash
echo "File $1 created." >> /home/paul/file_log

Now try it out by creating a new file in my_dir:

$ touch my_dir/file2.txt

If you look in file_log, you'll see that it contains a new line that says File file2.txt created..