Man Linux: Main Page and Category List


       mactime - an mtime, atime, and ctime reporter


       mactime  [  -DfhlnRsty [ -d directory ] [ -g group ] [ -p passwd ] [ -u
       user ] [ -b bodyfile ] time1 [ -time2 ]


       mactime is a  program  that  attempts  to  determine  what  files  were
       accessed  or  modified  within  a given time frame.  The information is
       either calculated on the fly (with  the  -d  flag)  or  taken  from  an
       already calculated database; see the program grave-robber)

       Format  of  the  time is typically month/date/year - e.g. 4/5/2009.  It
       requires a full four digit year, and the date must be after 1/1/1970.

       Time2 is a date that should be after time1; it makes the  program  look
       for dates in this range.


       -b file use  this  file  as an alternate "body" file (the file that has
               all the information about the file system), instead of what  is
               configured in

       -d      directory.   Scans  and  reports  on  this directory instead of
               using the existing database; e.g. does  NOT  use  the  existing
               body database file.

       -D      debugging flag.  Lots and lots of output.  You don’t want this!

       -f filename
               flag files listed in file as a different color (HTML only).

       -g group
               uses an alternate group file for printing groups.

       -h      emit some simple HTML stuff rather than plain ASCII text.

       -l      takes "last" output, sort of, as a time.  Last looks like:

                    zen       ttyp2    random.trouble.o Sat  Mar  21  16:24  -
               11:43  (19:19)

                    This  program  wants  everything from the date on; in this
               case, the:      "Sat Mar 21 16:24 - 11:43  (19:19)" bit.   Note
               that  it  calculates       the  time  the  user was on from the
               parenthesized time, not the  time       after  the  "-",  which
               doesn’t  do  multiple  days,  etc.  very well.       It doesn’t
               understand certain things  like "still logged in":

                    zen        ftp   Sun  Mar  22  13:49
               still logged in

                    And other valid last entries from last(1).

       -n      takes   normal  "date"  output,  which  looks  something  like:
                    "Tue Apr  7 17:20:43 PDT 1998"

       -p passwd
               uses an alternate password file for printing uids.

       -R      recursively go through subdirectories (only useful with the  -d

       -s      flag SUID/SGID files as a different color (HTML only).

       -t      output in time machine format

       -y      Print  year  first  to  avoid euro/US data ambiguity - normally
               stuff is MM/DD/YYYY, this does YYYY/MM/DD.

       -u user flag files owned by user as a different color (HTML only).

FILES - some global TCT defaults  and  configuration  details  (is
       perl executable code).


       grave-robber(1), stat(2V)


       Distributed  under the details found in the COPYRIGHT file found in the
       root directory of The Coroner’s Toolkit.


       dan farmer