A program I installed splattered files and directories in different places. I'm having to manually remove these files and directories. I know you can delete files and directories created by a user like this:
# find /home -user student -exec rm -rf {} \;
Is there a way to do the same for a program by specifying the name of the program that you want to have its files and directories removed?
As Hans-Martin Mosner said in his answer, there is no information stored that identifies what program created or modified a particular file or directory.
However, you may use find to find things that a program possibly created or modified. You may do this by first creating a "timestamp file" and then run the program. After the run, find may be asked to locate all modified files based on their timestamps in relation to the timestamp file.
Create timestamp file:
touch stamp Run program.
Run find to locate things whose modification time is newer than the timestamp file:
find / -newer stamp or, if you know what user supposedly owns the files,
find / -user someuser -newer stamp Note that the find command may take a considerable time to run unless you can narrow down the / top-level search path to a specific subdirectory where the modifications may have taken place. Also note that any pathname that the above find command produces may not have been touched by the specific program that you ran. Any number of other programs may have been running since the stamp file was created and may also have created or changed files.
If you know before you run the program, then you can mark the program set-gid to a special group.
Maybe you can do this and run it again, to see the sort of place that it puts them.
If you can make the program write the files again tracefile may be able to help you:
tracefile -ue bash -c 'seq 10 | xargs -n1 touch' https://gitlab.com/ole.tange/tangetools/-/tree/master/tracefile
No, the filesystem does not store which program created a file. You need to select them manually. If the first run of the program was very recently, you can use find to pre-select files that could possibly have been created by it.
myprogram binaries that can create files. Should each file be associated with the full path to the binary that created it? What would happen if that path was invalidated, either by removing the binary or moving the file to a new system? What if a binary replaces another with the same pathname, would you still trust the "created by" path? If you know in advance that you want to keep an eye on what a program does a kernel interface such as sysdig or SystemTap could record an audit trail (or possibly strace, but that would be slow and would require a perfect wrapper around the program to be traced and hopefully no sudo is ever run...). You would also need to consider what happens when some other program creates output under the program in question: must what any child process does also be tracked?
perl -e 'qx(echo subshell-io > foo)' An audit trail of every file touched by every program (plus other metadata, such as the user and group(s), parent pid, etc) would certainly be possible. This could however be expensive to setup, expensive to generate, and expensive to maintain. It would likely need some means of filtering records to exclude (some, but maybe not all) /tmp directory writes, to possibly roll up multiple write passwd.tmp/rename("passwd.tmp","passwd") calls into one logical operation, also how do you handle the case where the program you are interested in modifies say /etc/passwd (among many other possible shared OS files) that you probably then do not want to blindly remove when cleaning up after the program...or how do you deal with delegated I/O where your program uses dbus and then some other process due to some random not-I/O message over dbus does generate I/O elsewhere because of your program...
dnf. It was a long time ago but guess I downloaded it from here, becausednfonly shows 1anacondainstalled which must be thefedora system installerwhich is called anaconda too.