httpd-modsec2_debug.log: Operation not permitted
smithi at nimnet.asn.au
Sat Jan 15 12:53:26 UTC 2011
On Sat, 15 Jan 2011, perryh at pluto.rain.com wrote:
> Ian Smith <smithi at nimnet.asn.au> wrote:
> > Swe, I suspect the reason you can't just delete these files is
> > likely because something has them open for writing, and the system
> > won't let you remove such files, naturally enough.
> Really? Must be a fairly recent change -- and IMO not necessarily
> a good one. For one thing, it would break one of the long-standing
> methods for ensuring that scratch files get cleaned up when a
> program exits, even under circumstances which don't allow for signal
> handlers to be run.
Hmm, on reflection you're probably right. I was thinking that removing
a file being written by a root-owned process would force that process to
fail on write and exit, but maybe that's not what's happening here.
> Last I knew having a file open, even for writing, was no protection
> against its last link being removed. The _inode_ won't go away
> until the last handle is closed, but the _directory entry_ can still
> be removed.
Accepting that, why wouldn't root be permitted to rm these files? It's
been shown that they don't have immutable, append-only or other flags
set. Clearly the filesystem is writable, if full.
I'm still curious about what fstat reveals, and it'd be extra weird if
they can't be deleted or truncated in single-user mode, eh?
More information about the freebsd-questions