[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

SV: SV: Ext3 destroying ownerships and permissions

> Could you give some specific examples of what the corruption
> looks like?
> This may help to figure out where the corruption is coming from.  Does
> e2fsck report corruption anywhere else in the filesystem?

e2fsck doesn't complain at all. No corruption reported,
the fs is marked as "clean".

> If you run debugfs on the device and "stat" an inode, does it report
> same data as when you run "ls -l" on the inode?

I'll have to get back to you on that, at this very moment I have no
"untampered" inodes to check this on. I'm no fs-wizard - any tips on
how I should run debugfs, or other tools, to get the most useful data
for you?

> Like Stephen says, it is very unusual that something would
> corrupt only
> the UID and mode.  Are you sure there are no scripts running, files
> being restored from backup, or other user-space activity which might
> change the UID and mode?

Quite sure. Nothing else has been changed but the filesystem. All
scheduled activities have remained the same as when running ext2.

> Nobody messing with the /etc/passwd file?

No. It's intact. And like I said earlier: not all the files belonging
to a user had their ownership changed, just some files. But when change
of ownership has occured it seems to happen to *all* the files under
some directory. See my earlier post for an example of what happened
to 10 users with unames f*.

> If the problem happens fairly regularly, is it possible to
> reproduce it on a test server?

So far we haven't been able to see any regularity or pattern to the
events. It might be there, but in that case it remains to be discovered.

> Any chance that the machines have been cracked, and people are playing
> games with the system?  Unlikely, but possible.

Like you said - unlikely but possible. I'd be making a fool of myself
that our machines can't be hacked, but we've seen no other signs of
behaviour. The machines are kept well updated, no unused or unnecessary
are running. Testing for troyans like lion-worm etc give no warnings.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]