Help - we lost all our files!
Dan Bernstein
brnstnd at kramden.acf.nyu.edu
Sat Jun 29 13:50:53 AEST 1991
In article <1347 at escob1.UUCP> dickson at escob1.UUCP (Dave Dickson) writes:
[ lost all files, except those of certain running executables ]
> We are reasonably certain that this was not an intruder or other
> nefarious critter, as we have a reasonably secure system (I, know,
> famous last words).
[ ... ]
> 45 3 * * * find /tmp/* /usr/tmp/* -mtime +1 -print | xargs rm -r
ln -s / /tmp/foo would achieve this effect, provided that your find
chdir()ed to the directories rather than lstat()ing them, and provided
that this is on a BSD system. Or putting the proper set of files with
embedded newlines into /tmp. Or an NFS error and some shoddy error
checking.
A much more secure version would be
find /tmp /usr/tmp -mtime +1 -print0 | xargs -0 rm -f
provided that your find has -print0 (meaning use null rather than
newline to separate names) and your xargs has -0 (meaning accept names
terminated by null, and don't do any parsing at all). I've been yelling
at vendors for years to add these options...
An even better strategy is to give users a ``tmphogs'' command which
shows the top ten /tmp users if the disk is over 90% full.
---Dan
More information about the Comp.unix.admin
mailing list