
Re: root's directory corrupted






On Tue, 6 Dec 2005, Jon Dowland wrote:

On Mon, Dec 05, 2005 at 04:03:58PM -0800, k l u r t wrote:
when i log into my desktop as root, i get the following message: No
directory, logging in with HOME=/

when i view the contents of / i see that root's directory is not
present with the exception of a file "root":
--r-s-w--wt  57413 17916 2380551563 1970-01-01 04:41 root*

Peculiar. Broken datestamp suggests some corruption; truly bizarre
permissions sets alarm-bells ringing: have you been rooted? It appears
to be a very big file. What does ls -ls think (the size on the left,
compared to the size in column 7-8)?

very peculiar indeed.
i don't believe that i've been rooted. i think the problem occurred when i experienced a brief power outage. i ran fsck on that partition; everything seemed fine.

the file size reports to be only 12k.

i can not chmod, chgrp, or chown this "root" file; i get the
"Operation not permitted" message when trying to do so (i'm logged in
as root).

The UID and GID fields appear to be invalid too, at least locally. Do
you use NIS or anything similar?


nope, no NIS, NFS or anything to the likes - just a basic desktop setup connected to a cable modem (no soho or nat; all services are off and iptables filtering the connect).


does anyone know what the problem is?  has anyone experienced this
problem?  what can i do to fix this?

You could create another dir, e.g. /root2 and change the /root entry in
/etc/passwd to /root2 (always be careful when editing this file);
although that isn't much of an improvement on the current situation: the
warning will go but the file will remain.

yknow, i was thinking of doing that, but that doesn't really solve the mystery here. having a rogue root file with no access to it is kinda disturbing to me.
i went as far as booting SuperRescue (and other rescue discs) and mounting
the partition with the hopes of fscking the partition and deleting the file; still get the "Operation not permitted" and fsck came back as clean.


I've never seen anything like this but I think it looks fairly serious.

it is a strange one.
well, i guess it's time to put to use those backups and restoring to pre-mysterious state.

thanks for the input; every bit helps.

k l u r t
-dazed and confused




