03-21-2011
Files disappearing from /users/home
We have seen an issue whereby every morning around the same time , we see files being deleted from /users/$userid .
We have many crons and processes running across 40+ different servers .
Possibly some rogue process is doing this .
How can one isolate the process removing stuff from the users home .
The users home is mounted from all the 40 machines : Thus which machine is running the rogue process ( and what that is ) is the challenge to figure out .
All machines are Linux boxes .
Any pointers to audit scripts/tools would be appreciated .
10 More Discussions You Might Find Interesting
1. AIX
What would be the best approach to configure one external /home f/s in simple two node config and have concurrent access ? (1 Reply)
Discussion started by: zz2kzq
1 Replies
2. HP-UX
Hello all,
Most of our users have the same home directory, I know it's weird but it has been like this before me and we don't want to change that for now. When creating a new user using command useradd, it is not allowing me to create it because it is using the home directory of someone else. I... (2 Replies)
Discussion started by: qfwfq
2 Replies
3. Solaris
Hi Friends,,
I installed solaris 10 in vmware just now.I got a simple problem while i want to create users in /home directory.It is saying "cannot create ".So i checked the permission and then i find that the perm to user(root) is r-x.So i tried to change it to rwx using chmod but again i got a... (4 Replies)
Discussion started by: sdspawankumar
4 Replies
4. UNIX for Dummies Questions & Answers
Suse 10.3
ispconfig
Using as a web server, mail server.
I'm the only user.
These files:
/var/log/httpd/ispconfig_access_log_2008_08_28
/var/log/httpd/ispconfig_access_log_2008_08_29
vanished without a trace.
I still have older and newer files, but not these.
I have not deleted... (5 Replies)
Discussion started by: KillerDog
5 Replies
5. UNIX for Dummies Questions & Answers
I'm using HPUX 11i. The other day a user logon to the workstation and was not able to find the /home/directory (tom is the directory) I login myself and it is the same thing.
The home directory is on the server, so I was thinking of using sam to map it again. does anyone know how to do it... (5 Replies)
Discussion started by: blizzgamer
5 Replies
6. Shell Programming and Scripting
i have users home directories in /home
all the users have some files starting with character e
and i want to copy all these files in a folder in my (root) home
using a script
i tried the script
for i in m5
do
cd m5
cp e1* /home/pc/exam
cd ..
done
but get these... (3 Replies)
Discussion started by: pcrana
3 Replies
7. Solaris
Hi Guys,
I have a problem with configuring a server. this is a solaris 10 with sparc platform.
I have setup so that the server is Authenticating through NIS but I dont want the server to Mount the Home directories. The users need to logged in through the CDE/display.
I have over 200 users... (2 Replies)
Discussion started by: Luky
2 Replies
8. Cybersecurity
Hey guys,
Hmm.. I'm not quite sure where to open this. If any mod thinks this is not the place, please move it to wherever its suited :)
So,
I want to allow some trusted users to scp files into my server (to an specific user), but I do not want to give these users a home, neither ssh... (1 Reply)
Discussion started by: flpgdt
1 Replies
9. Shell Programming and Scripting
Hello guys,
I have to create a sh script which return users who have un-sanctioned(forbidden) files in their home directory.
I tried to do:
#!/bin/sh -x
SHADOW_FILE="/etc/shadow"
PASSWORD_FILE="/etc/passwd"
for i in `grep -v '^+' $PASSWORD_FILE | cut -d: -f1,6`
do
username=`echo... (6 Replies)
Discussion started by: catalint
6 Replies
10. Solaris
# ls -l
total 10
-rw-r--r-- 1 dummy2 other 140 Jun 19 21:37 local.cshrc
-rw-r--r-- 1 dummy2 other 136 Jun 19 21:37 local.cshrc~
-rw-r--r-- 1 dummy2 other 157 Jun 19 21:37 local.login
-rw-r--r-- 1 dummy2 other 178 Jun 19 21:37 local.profile... (6 Replies)
Discussion started by: chidori
6 Replies
RWHO(1) BSD General Commands Manual RWHO(1)
NAME
rwho -- who is logged in on local machines
SYNOPSIS
rwho [-aHq]
DESCRIPTION
The rwho command produces output similar to who(1), but for all machines on the local network. If no report has been received from a machine
for 11 minutes then rwho assumes the machine is down, and does not report the users last known to be logged into that machine.
If a user hasn't typed to the system for a minute or more, then rwho reports this idle time.
-a Include all users. By default, if a user hasn't typed to the system for an hour or more, then the user will be omitted from the
output.
-H Write column headings above the regular output.
-q ``Quick mode'': List only the names and the number of users currently logged on. When this option is used, all other options are
ignored.
FILES
/var/rwho/whod.* information about other machines
SEE ALSO
finger(1), rup(1), ruptime(1), rusers(1), who(1), rwhod(8)
HISTORY
The rwho command appeared in 4.3BSD.
BUGS
This is unwieldy when the number of machines on the local net is large.
BSD
September 30, 2005 BSD