[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

SV: SV: SV: SV: Ext3 destroying ownerships and permissions

> > Until now it has always been a users top-level directory, and ALL
> > subdirectories and files under that are affected.
> There is nothing in the filesystem itself which walks through
> directories touching all files underneath.
> There is nothing in the filesystem which treats user top-level
> directories specially, or which understands where different permission
> worlds start or stop in a directory tree.
> The filesystem on its own *cannot* explain such behaviour.  There has
> to be an application interaction.  What that interaction is is the
> important thing to find out.
> The only thing I can even imagine doing a complete rename on some uid
> to another is a change in /etc/passwd or NIS password files.

But that's not what happened. Other files belonging to the original user
in other places in the filesystem were NOT changed. This was the first
thing I checked when I first saw this problem. It's not a uid mixup
in /etc/passwd.

> You also mentioned that permissions had changed at one point.  Do you
> have examples of that?

Nothing 100% reliable. The incidents reported are almost exclusively
counters and www-boards that suddenly stopped working. Files that
had to be writeable by the webserver (nobody) let's say chmoded 777 or
666, were suddenly non writable for the webserver; 644. It's hard
to 100% make sure that what happened to these files was not in fact
that they were previously owned by nobody, but had their ownership
changed to the one of the user.

I believe that the permissions were in fact changed on these files.
But if it was a change of ownership, it was of a different kind.
This affected only single files, not directories/sub-directories and
all their underlying contents.

>  Do you have examples of what happens
> *numerically* to the uids (ignoring the usernames concerned) --- is
> there a pattern there?

501, 740, 1652, 1480, ...
No, I don't see any relevant pattern.

> In all of this, are the file contents themselves OK in every case?

It seems like that, yes.

> >   Regular backups of mail and MySQL are run periodically every 15/30
> > minutes, full/incremental backups are run nightly.
> Dump or tar/cpio?  Do the faults coincide with backup runs?


Faults don't seem to coincide with backup runs, at least not
with anything that concerns the user directories. Smaller backups
are run almost constantly on mail under /var/spool/mail and
mysql databases under /usr/local/mysql. Nothing to do with /home,
although everything is on the same partition.

> To be honest, this sounds almost inexplicable right now, so _any_
> possibly-relevant information that occurs to you would be most useful!

I understand that. One of the problems is that the faults don't seem to
be reproduceable. Now it's been two days since the last

I find the fact that the server rebooted when we started to correct
ownerships to be very very strange.

Could quota-support have some strange influense on all of this?

/Johan Ekenberg

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]