03-22-2011
[Jim] We have all our crons run from the same userid , and its this userids home which is seeing strange removal . We also see this early in the morning around 6:00 : meaning we have a 10 minute suspect window . We are going to log 'ps -ef' in a loop for 10 minutes on a few servers where we have most of our crons to locate the process .
Thanks for the inotify tool .
[Methyl] I guess there is an automounter used to mount the users home ( we have 40+ machines ) .
Many files disappear : what hits us the ssh , and bin/prompt : We have many tools run with this userid ( and many ssh'es to our several servers which are impacted by this )
We have looked at the crons but dont see a suspect . As mentioned above , we are now going to look at raw ps output in that 10 minute window .
I was hoping that there would be some way to monitor a directory to such an extent that one could know what process ( and from which host its run ) does something to a directory ??
( We know the userid ,the directory and we know the approx timeframe - need to find the process and machine )
10 More Discussions You Might Find Interesting
1. AIX
What would be the best approach to configure one external /home f/s in simple two node config and have concurrent access ? (1 Reply)
Discussion started by: zz2kzq
1 Replies
2. HP-UX
Hello all,
Most of our users have the same home directory, I know it's weird but it has been like this before me and we don't want to change that for now. When creating a new user using command useradd, it is not allowing me to create it because it is using the home directory of someone else. I... (2 Replies)
Discussion started by: qfwfq
2 Replies
3. Solaris
Hi Friends,,
I installed solaris 10 in vmware just now.I got a simple problem while i want to create users in /home directory.It is saying "cannot create ".So i checked the permission and then i find that the perm to user(root) is r-x.So i tried to change it to rwx using chmod but again i got a... (4 Replies)
Discussion started by: sdspawankumar
4 Replies
4. UNIX for Dummies Questions & Answers
Suse 10.3
ispconfig
Using as a web server, mail server.
I'm the only user.
These files:
/var/log/httpd/ispconfig_access_log_2008_08_28
/var/log/httpd/ispconfig_access_log_2008_08_29
vanished without a trace.
I still have older and newer files, but not these.
I have not deleted... (5 Replies)
Discussion started by: KillerDog
5 Replies
5. UNIX for Dummies Questions & Answers
I'm using HPUX 11i. The other day a user logon to the workstation and was not able to find the /home/directory (tom is the directory) I login myself and it is the same thing.
The home directory is on the server, so I was thinking of using sam to map it again. does anyone know how to do it... (5 Replies)
Discussion started by: blizzgamer
5 Replies
6. Shell Programming and Scripting
i have users home directories in /home
all the users have some files starting with character e
and i want to copy all these files in a folder in my (root) home
using a script
i tried the script
for i in m5
do
cd m5
cp e1* /home/pc/exam
cd ..
done
but get these... (3 Replies)
Discussion started by: pcrana
3 Replies
7. Solaris
Hi Guys,
I have a problem with configuring a server. this is a solaris 10 with sparc platform.
I have setup so that the server is Authenticating through NIS but I dont want the server to Mount the Home directories. The users need to logged in through the CDE/display.
I have over 200 users... (2 Replies)
Discussion started by: Luky
2 Replies
8. Cybersecurity
Hey guys,
Hmm.. I'm not quite sure where to open this. If any mod thinks this is not the place, please move it to wherever its suited :)
So,
I want to allow some trusted users to scp files into my server (to an specific user), but I do not want to give these users a home, neither ssh... (1 Reply)
Discussion started by: flpgdt
1 Replies
9. Shell Programming and Scripting
Hello guys,
I have to create a sh script which return users who have un-sanctioned(forbidden) files in their home directory.
I tried to do:
#!/bin/sh -x
SHADOW_FILE="/etc/shadow"
PASSWORD_FILE="/etc/passwd"
for i in `grep -v '^+' $PASSWORD_FILE | cut -d: -f1,6`
do
username=`echo... (6 Replies)
Discussion started by: catalint
6 Replies
10. Solaris
# ls -l
total 10
-rw-r--r-- 1 dummy2 other 140 Jun 19 21:37 local.cshrc
-rw-r--r-- 1 dummy2 other 136 Jun 19 21:37 local.cshrc~
-rw-r--r-- 1 dummy2 other 157 Jun 19 21:37 local.login
-rw-r--r-- 1 dummy2 other 178 Jun 19 21:37 local.profile... (6 Replies)
Discussion started by: chidori
6 Replies
userdel(1M) userdel(1M)
NAME
userdel - delete a user login from the system
SYNOPSIS
alternate_password_file] login
DESCRIPTION
The command deletes a user login from the system by modifying the appropriate login related files.
The command requires the login argument. login is the name to be deleted, specified as a string of printable characters. It may not con-
tain a colon or a newline
Refer to usergroupname(5) to understand the functionality changes with the Numeric User Group Name feature.
Options
recognizes the following options:
The home directory of
login is removed from the system. This directory must exist. Following the successful execution of this command, none of
the files and directories under the home directory will be available.
If a user is deleted and the home directory is shared by others, then this directory is not deleted even with the option.
Force the changes, even if the login is currently in use.
Specify that the changes are being made to the alternate
password file of NIS specified by the option. The and options should not be used with this option.
Specify the path of the alternate password file of NIS.
The option is used with the option.
In the event where a directory is shared by users of the same group and the owner of that directory is deleted, then the ownership of that
directory is propagated to the next user who is sharing that directory. The new owner is determined by looking at the order in which the
users sharing this directory are added to the file. If there is only one user remaining then the directory is brought back to unshared
mode by resetting the permissions to from
NIS
This command is aware of NIS user and group entries. Only local users and groups may be deleted or modified with this command. Attempts
to delete or modify NIS users or groups will result in an error. NIS users and groups must be administered from the NIS server. The com-
mand may fail with the error
(return value 6) if the user specified is an NIS user (see passwd(4)). The error
(return value 10) is returned if a local user belongs to an NIS group (see group(4)).
NFS
Errors may occur with the option if the affected directory is within an NFS mounted file system that does not allow root privileges across
the NFS mount, and the directory or files within the directory do not have sufficient permissions.
RETURN VALUE
exits with one of the following values:
Successful completion.
Invalid command syntax.
Invalid argument supplied to an option.
The login to be removed does not exist.
The login to be removed is in use.
Cannot modify the
file, but the login was removed from the file.
Unable to remove or modify the home directory.
Unable to open
file or file is non-existent.
file or
file busy. Another command may be modifying the file.
Cannot delete entry from
file.
Out of memory.
Invalid template file.
EXAMPLES
Remove the user from the system:
Remove the user from the system and delete home directory from the system:
WARNINGS
Because many users may try to write the file simultaneously, a password locking mechanism was devised. If this locking fails after subse-
quent retrying, terminates.
FILES
Shadow Password file
System Password file
System group file
Lock file used when updating password file
SEE ALSO
passwd(1), users(1), groupadd(1M), groupdel(1M), groupmod(1M), logins(1M), useradd(1M), usermod(1M), group(4), passwd(4), shadow(4), user-
groupname(5).
STANDARDS CONFORMANCE
userdel(1M)