HPE Community
Operating System - HP-UX
1847193 Members
4179 Online
110263 Solutions
New Discussion

Re: Root full query

 
SOLVED
Go to solution
Tim O'Connell
Regular Advisor

‎11-28-2006 02:15 AM

‎11-28-2006 02:15 AM

Root full query

Made a bit of a mistake today but luckily was able to get out of it. I mistakenly copied a large file to / which caused root filesystem to become full. I had logged out of my session when I discovered this & was unable to log back in either on a telnet session or on the console. We have ftp so secure that I was unable to do anything with that. Luckily one of our users had a session open & I was able to talk him thru' deleting the file I copied. My question is : If I couldnt find a user with a telnet session open, would I have had to boot to single user mode to resolve the question or is there another way around this.

Tim
0 Kudos
Reply
7 REPLIES 7
Pete Randall
Outstanding Contributor

‎11-28-2006 02:19 AM

‎11-28-2006 02:19 AM

Solution

Re: Root full query

Tim,

No, those are pretty much your only choices: find someone logged in or boot to single-user.


Pete

Pete
Reply
Coolmar
Esteemed Contributor

‎11-28-2006 02:25 AM

‎11-28-2006 02:25 AM

Re: Root full query

Yes, you would have gone to single-user if you had not found anyone with a session already open. Good thing you found that person!
Reply
Tim O'Connell
Regular Advisor

‎11-28-2006 02:34 AM

‎11-28-2006 02:34 AM

Re: Root full query

Thanks. Points assigned
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎11-28-2006 02:39 AM

‎11-28-2006 02:39 AM

Re: Root full query

Now the bad news is how a regular user was able to delete a file under /. This implies that you have world-write permissions set on the / directory --- and this is a huge security risk.

Remove those permissions on / and get in the habit of only su'ing to root when it is absolutely necessary and reverting to regular user status as soon as your critical task is done and you will go a long way in making it difficult for you to be your own worst enemy.
If it ain't broke, I can fix that.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎11-28-2006 02:43 AM

‎11-28-2006 02:43 AM

Re: Root full query

Shalom,

There is another possibly insidious space user.

mkdir /fun
Copy a 50MB file into it.

mount a filesystem on it.

Space is used, files unvisible.

Single user is required to fix this kind of problem.

The security issue written above needs immediate attention.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Tim O'Connell
Regular Advisor

‎11-29-2006 08:24 PM

‎11-29-2006 08:24 PM

Re: Root full query

Thanks, Stephen

That reminds me of a problem we had many years ago where we had a directory called /backup which was mounted on a RW Optical disk. The disk used to be unmounted every night & stored in a safe & then remounted the following morning. One morning I was late for work & someone ran a backup prior to the disk being loaded. I came in, mounted the disk & shortly after discovered root full. Took me a long time to sort it but something I will never forget.

Tim
0 Kudos
Reply
Tim O'Connell
Regular Advisor

‎11-29-2006 08:31 PM

‎11-29-2006 08:31 PM

Re: Root full query

Stephen,

10 points assigned for jogging my memory.

Tim
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.