Re: How to catch process that removes files?

To: debian-user@lists.debian.org
Subject: Re: How to catch process that removes files?
From: "a.list.address@gmail.com" <a.list.address@gmail.com>
Date: 22 Jan 2007 14:51:48 -0800
Message-id: <[🔎] 1169506308.452045.268890@51g2000cwl.googlegroups.com>
In-reply-to: <7G8Oz-4Im-15@gated-at.bofh.it>
References: <[🔎] b2d4b0380701220652x7cf71e73m5bbab5bd95fa5442@mail.gmail.com>

lsof will show you currently open files, and of course you can pipe it
through grep.  If they aren't already opened, though, it might not
help.

I'd do a complete inventory of the files that get deleted, and then
check the permissions on all of them.  That might give you some clues.

You might also check your cron jobs.  rgrep through the /etc/cron*
directories and see if any of the missing filenames are there.

Another question is, how often does it happen?  Is it regular or
random?

You might also install tiger and see if it finds anything.  And, of
course, install logwatch and check its messages daily.  And make sure
you're getting the mail for root so you can see any warnings.  And grep
through your logs in /var/log.

Let us know if you find the culprit.

Reply to:

References:
- How to catch process that removes files?
  - From: WireSpot <wirespot@gmail.com>

Prev by Date: monodevelop in Etch
Next by Date: Re: [OT] CPU and GHz
Previous by thread: How to catch process that removes files?
Next by thread: Re: How to catch process that removes files?
Index(es):
- Date
- Thread