Suppose a long-running process writes to a log file. Suppose that log file is kept open indefinitely. Suppose that a careless system administrator deletes that log file. Can the program detect that this has happened?
Is it safe to assume that fstat()
will report a link count of zero for a deleted file?
Truncation, it seems to me, is slightly trickier. In part, it depends on whether the file descriptor is running in O_APPEND
mode. If the log file is not running with O_APPEND
, then the current write position of the program's log descriptor doesn't change, and the truncation removes the leading bytes, but the program continues to write at 'the end', leaving a gap of phantasmal zero bytes (they read as zeroes, but don't necessarily occupy space on disk). If the program runs with O_APPEND
, then it will write at the end of the file as it currently exists. The only way to observe the truncation is to note that the file position is not where the program expected it - which in turn means tracking that position explicitly.
On the whole, I'm not so worried about truncation as deletion, but any thoughts would be welcome.