[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] Cron.Daily Message
- Subject: RE: [cobalt-users] Cron.Daily Message
- From: "Jolley, Carl" <Carl.Jolley@xxxxxxx>
- Date: Fri Aug 16 10:55:02 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
-----Original Message-----
From: Bob G7 [mailto:Bob_G7@xxxxxxxxxx]
Sent: Friday, August 16, 2002 6:17 AM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: RE: [cobalt-users] Cron.Daily Message
> > For the past few days I have been getting this message in my email from
> > cron.daily:
> >
> > /usr/bin/find: //proc/6/fd: Permission denied
> > /usr/bin/find: //proc/6/fd: Permission denied
> >
> > I have a feeling it has something to do with having
> chkrootkit.sh running at
> > 04:00 but can't seem to find a reason.
>
> Yep, same here. Indeed chkrootkit in cron.
>
> > know how to stop this error?
>
> Not yet. Haven't found a solution in the archives. Solution is
> very welcome.
Here is a reply from the chkrootkit.org people:
if you try this command: "find /proc" you have get same
message, "fd" is your floppy drive and if not have diskette
on unit, you get this message.
So I tried something. As root, in /etc created a new directory called
cron.special, moved chkrootkit.sh from cron.daily the cron.special. Added
cron.special to crontab to run at 05:00. Unfortunately, that didn't solve
the problem, still getting the error. Will keep digging and see what I come
up with.
------------------
Then the chkrootkit.org people are feeding you a line of absolute
Bull-crap! The /proc/6/fd has absolutely noting to do with a flopply disk.
The /proc/*/fd directory is the directory that holds all of a PID's file
descriptors in the /proc device. I.E. /proc/$$/fd will be the directory of
all
our your file descriptors, /proc/1234/fd will be all the file descriptors
for
the process with the pid of 1234. To see what I mean, in a shell (not root)
type:
ls -lR /proc/$$/fd
On my Raq3, pid 6 belongs to mdrecoveryd.
The premissions for the directory /proc/6/fd on my box are: 0500 with the
uid and gid = root. However any attempt to do a ls /proc/6/fd even from root
will result in a "permission denied" error. You can however do a ls -ld
/proc/6/fd.
Remember /proc isn't a normal directory, it's a special device implemented
by
the kerne;.
The fact that this error is reported by chkrootkit when it tries to use the
find command is just a failure by the chkrootkit code to properly handle
this
condition. Of course its easier for them to say its because you don't have
a floppy disk than to make their code work correctly. No matter what you you
you won't be able to prevent this error from being produced by the
chkrootkit
code unless you modify their code, i.e. to avoid doing a find /proc/6/fd
command
or doing it and getting the error, ignoring it.