It appears during the overnight run on a production sun server the authorized_keys file was modified and the file size changed. Is there a way to determine who modified this file?