Search for “notify” on metacpan.org. Of likely interest: Filesys::Notify::Simple and Linux::Inotify2.

This really isn't possible to answer without more information. If it's possible to do it, then it's possible to do it in Perl. But whether it's possible depends on what permissions you have, relative to the permissions of the users you want to monitor. Do you have root access? Are you able to replace the system cp command with a wrapper that would log uses? Can you prevent them from using other commands to circumvent this, like:

$ cat file1 >file2
[download]

Have you looked at a program like Tripwire? It keeps a database of files that are on the system, and you can run it as often as you like to see what files have been created/changed/deleted. That won't tell you how they were created, whether by cp or whatever, but maybe that's not the point. If it showed a suspicious file, you might be able to look through that user's history to see how it was created.

This works, but only under very restrictive circumstances. First, the users have to include the alias (or shell function) in their .bashrc; secondly, it would not work in the scripts invoked by the users (unless they are bash scripts and also the bash script also reads .bashrc, not a very common situation). Finally, it works reliably only if the user consistently uses cp to copy the file, and not some other command (such as cat or some Perl program using File::Copy). So, in the end, it depends very much on the cooperation of the users....

-- 
Ronald Fischer <ynnor@mm.st>

First, the users have to include the alias (or shell function) in their .bashrc;

Ah, I thought there was a file like /etc/profile for per-interactive-shell startup.

Finally, it works reliably only if the user consistently uses cp to copy the file

Which is what the OP asked.

It sounds like you want to trap the system calls (section 2 in the man pages, not section 1) that can be used to copy a file, or else there are ways that you can go around whatever you set up. While it is possible, it can be difficult to do right and without significant system resources devoted to this function.

Would hard linking to a file that gets modified by a program that saves to a new file and then renames be a method to copy a file? Sure. Hard linking doesn't require the open(2) call.

If you can restrict access to the ability to write the file, it may be easier. passwd, for example, is a program that restricts edit capabilities to the system password database, and (at least in theory) only allows reasonable changes to be made.

Perhaps if you were to provide a bit more information as to what you were trying to achieve, a reasonable solution to your task could be proposed. For example, are you trying to stop a file from being copied from, or copied to? If trying to restrict copying to, perhaps a process where any change not coming from a signed commit in a source management system (git for example) gets overwritten by the latest signed commit.

(half smile mode on)