[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SV: Ext3 destroying ownerships and permissions



Johan Ekenberg writes:
> Corrupted permissions have been reported mostly with files needing
> global write permissions (www-counters writable for nobody, etc) which
> have lost their special permissions. Usually they've been "reset"
> according to the normal umask (ie. getting permissions 644). On the
> other hand there might be a lot of other files whose permissions have
> changed but where it's not noticed. When a counter or a cgi-script stops
> to function it's noticed pretty quickly.

Could you give some specific examples of what the corruption looks like?
This may help to figure out where the corruption is coming from.  Does
e2fsck report corruption anywhere else in the filesystem?  If you run
debugfs on the device and "stat" an inode, does it report the same data
as when you run "ls -l" on the inode?

Like Stephen says, it is very unusual that something would corrupt only
the UID and mode.  Are you sure there are no scripts running, files
being restored from backup, or other user-space activity which might
change the UID and mode?  Nobody messing with the /etc/passwd file?

If the problem happens fairly regularly, is it possible to reproduce it
on a test server?

> > Did you have any unplanned recoveries?
> 
> On some of the servers, yes, on others, no. It doesn't seem to be
> directly related to the permission/ownership corruptions.
> 
> As mentioned earlier - on at least two occasions the kernel freaked out
> and rebooted *as soon as we started to "chown" files back* to their
> rightful owner.

Any chance that the machines have been cracked, and people are playing
games with the system?  Unlikely, but possible.

Cheers, Andreas
-- 
Andreas Dilger  \ "If a man ate a pound of pasta and a pound of antipasto,
                 \  would they cancel out, leaving him still hungry?"
http://www-mddsp.enel.ucalgary.ca/People/adilger/               -- Dogbert





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]