Modification, Access, Change

MAC or MACtime stands for modification, access and metadata change or creation time and stands for three time stamps that are used in file systems to log file operations.

The popular name MACtime originally came from Dan Farmer , who wrote a program of the same name.

The three types of timestamps

A basic distinction is made between three values ​​and interpreted as follows:

Modification stamp (mtime)

The mtime indicates when the content of a file was last changed. However, since most file systems do not distinguish whether the content already existed or was inserted identically, a file operation with the same content in the same file overwrites the modification timestamp in the same way, although the file has not actually been changed.

Access stamp (atime)

The access stamp or atime indicates when a file was last opened to read it. A program can already open a file, but read the content later. This can lead to differences between opening and reading a file. The atime is also updated even if only a very small amount of files is read (e.g. meta information such as the height and width of an image).

Change or creation stamp (ctime)

There are fundamental differences between Windows and Unix here :

Change

Historically, the ctime is changed on Unixoid systems when the metadata of a file (e.g. rights, owner, ...) and not its actual content is changed.

Creation

On Windows-like systems the ctime is interpreted as the time of birth of a file (e.g .: This file was created on December 12, 2011 at 12:31 pm).