This will be vague and also not Perl-related, but... You can enable auditing (the global setting that is turned off by default), and then set the permissions (ACLs) on the file to specify that you want to audit successful attempts to modify the file. Then you just look in the event log to see who modified the file when (only for changes to the file done /after/ you set up auditing, of course).