Re: Deleted auth.log

To: debian-user@lists.debian.org
Subject: Re: Deleted auth.log
From: Arafangion <thestar@fussycoder.id.au>
Date: Sat, 3 Dec 2005 09:50:28 +1100
Message-id: <[🔎] 200512030950.28951.thestar@fussycoder.id.au>
In-reply-to: <[🔎] 4390DBD0.2050707@seindal.dk>
References: <[🔎] 00ea01c5f798$6c760250$b7931581@THESEXMACHINE> <[🔎] 20051202233404.GA32054@miami.familiasanchez.net> <[🔎] 4390DBD0.2050707@seindal.dk>

On Sat, 3 Dec 2005 10:42 am, René Seindal wrote:
> Roberto C. Sanchez wrote (03-12-2005 00:34):
<snip>
> > That is because, although auth.log is gone, any file descriptors that
> > were open to it are still available.  Thus, until all the file
> > descriptors have also been released, the file still "exists."  If you
> > are not certain of which applications on your system normally write to
> > auth.log, your best option may be a reboot.

This leads to an interesting question - are there any tools that can reveal 
"lost" files - those who no-longer have an entry in the fs, but are still 
open?

I would imagine that certain sockets and temp files would fall in this 
category.

Reply to:

Follow-Ups:
- Re: Deleted auth.log
  - From: Marcello Di Marino Azevedo <marcello_dimarino@superig.com.br>
- Re: Deleted auth.log
  - From: Frank Gevaerts <frank@gevaerts.be>

References:
- Deleted auth.log
  - From: Amish Rughoonundon <axr0284@rit.edu>
- Re: Deleted auth.log
  - From: "Roberto C. Sanchez" <roberto@familiasanchez.net>
- Re: Deleted auth.log
  - From: René Seindal <rene@seindal.dk>

Prev by Date: Re: Deleted auth.log
Next by Date: Re: Deleted auth.log
Previous by thread: Re: Deleted auth.log
Next by thread: Re: Deleted auth.log
Index(es):
- Date
- Thread