On Tue, 16 May 2000, Michael H. Warfield wrote:
> Sounds to me like you have an application which is opening files
> and holding them open even after they're deleted. The free space is not
> released until the file is closed. The fact that you found the file
> system "busy" when you went to unmount it, tends to confirm that. I'm
I have written, that I have stopped not only knfsd and samba (2.0.7), but
everything but init, sh and the kernel processes (khub, kswap, raid
daemons,etc)
> not totally sure if fuser is going to pick up on just the files that
> it finds in the directory structure (missing the open but deleted inodes)
> or if it looks at the inodes that are being held open, the man page is
> not clear about that. Guess I should find that out, but I use lsof more
> than fuser. At least lsof distinctly mentions the appearance of such
> orphaned files, so I know it shows them up.
I have also ran lsof|grep <mount point> , the output was empty.
[...]
> I certainly wouldn't discount the later.
Not only have I written, that no user processes were running, but also,
that afet a reboot, an e2fsck -f did find a REAL LOT of inconsistencies!
> This makes me inclined to believe that it's more likely an
> ill-behaved application rather than an intrusion, but I would still
> sweep your system CAREFULLY from known good sources of software.
> You don't want to find yourself being an unwitting participant in
> the next DDoS attack by providing a home for a zombie...
I disagree, bacause misbehaving ap[plications do not know about bitmap
inconsistencies, or group counts, and those were that went wrong.
-- SaPE
Peter, Sasi <sape@sch.hu>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue May 23 2000 - 21:00:10 EST