topic Re: Root full query in Operating System - HP-UX

Root full query

Tim O'Connell — Tue, 28 Nov 2006 10:15:10 GMT

Made a bit of a mistake today but luckily was able to get out of it. I mistakenly copied a large file to / which caused root filesystem to become full. I had logged out of my session when I discovered this & was unable to log back in either on a telnet session or on the console. We have ftp so secure that I was unable to do anything with that. Luckily one of our users had a session open & I was able to talk him thru' deleting the file I copied. My question is : If I couldnt find a user with a telnet session open, would I have had to boot to single user mode to resolve the question or is there another way around this.

Tim

Re: Root full query

Pete Randall — Tue, 28 Nov 2006 10:19:14 GMT

Tim,

No, those are pretty much your only choices: find someone logged in or boot to single-user.

Pete

Re: Root full query

Coolmar — Tue, 28 Nov 2006 10:25:14 GMT

Yes, you would have gone to single-user if you had not found anyone with a session already open. Good thing you found that person!

Re: Root full query

Tim O'Connell — Tue, 28 Nov 2006 10:34:42 GMT

Thanks. Points assigned

Re: Root full query

A. Clay Stephenson — Tue, 28 Nov 2006 10:39:37 GMT

Now the bad news is how a regular user was able to delete a file under /. This implies that you have world-write permissions set on the / directory --- and this is a huge security risk.

Remove those permissions on / and get in the habit of only su'ing to root when it is absolutely necessary and reverting to regular user status as soon as your critical task is done and you will go a long way in making it difficult for you to be your own worst enemy.

Re: Root full query

Steven E. Protter — Tue, 28 Nov 2006 10:43:20 GMT

Shalom,

There is another possibly insidious space user.

mkdir /fun
Copy a 50MB file into it.

mount a filesystem on it.

Space is used, files unvisible.

Single user is required to fix this kind of problem.

The security issue written above needs immediate attention.

SEP

Re: Root full query

Tim O'Connell — Thu, 30 Nov 2006 04:24:49 GMT

Thanks, Stephen

That reminds me of a problem we had many years ago where we had a directory called /backup which was mounted on a RW Optical disk. The disk used to be unmounted every night & stored in a safe & then remounted the following morning. One morning I was late for work & someone ran a backup prior to the disk being loaded. I came in, mounted the disk & shortly after discovered root full. Took me a long time to sort it but something I will never forget.

Tim

Re: Root full query

Tim O'Connell — Thu, 30 Nov 2006 04:31:08 GMT

Stephen,

10 points assigned for jogging my memory.

Tim