Modified /dev/null by MailScanner?
Furnish, Trever G
TGFurnish at herffjones.com
Wed Jan 17 21:09:00 CET 2007
Oops. I wrote:
> Lots of things write to /dev/null. Having that be a special file WILL
> break things
I meant to say, "Having that be a NORMAL file..."
And to summarize my overly long original reply:
Your /dev/null has been removed by something, and then something else
created it as a normal file by writing to /dev/null. Having /dev/null
be a normal file will cause you big problems -- you need to remove your
current /dev/null and recreate it to match whatever your system had
before.
If you're on a Linux system, you probably should do:
rm -f /dev/null
mknod -m 666 /dev/null c 1 3
chown root:root /dev/null
--
Trever
________________________________
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
Furnish, Trever G
Sent: Wednesday, January 17, 2007 2:38 PM
To: MailScanner discussion
Subject: RE: Modified /dev/null by MailScanner?
Importance: High
Whoa! You have a bigger problem than you think -- your ls output shows
that /dev/null has been replaced by a normal file. The null device is
supposed to be a character special device file that discards anything
written to it.
The exact major and minor number (and potentially the requirements to
create it) are specific to your platform (Linux, Solaris, HPUX) and
possibly your kernel version. If you're using Linux, you probably have a
manual page for "null", so see "man null".
On my Redhat Enterprise systems, /dev/null is always like so:
# ls -l /dev/null
crw-rw-rw- 1 root root 1, 3 Jun 24 2004 /dev/null
Notice the 'c' in the first column -- that means it's a character
special file.
Notice the "1, 3" after the group ownership -- those are the major and
minor numbers.
If you're running a Linux system, you probably need to do the following:
rm -f /dev/null
mknod -m 666 /dev/null c 1 3
chown root:root /dev/null
Lots of things write to /dev/null. Having that be a special file WILL
break things and will probably cause the / filesystem to fill
eventually. Once /dev/null becomes completely unwriteable (as would
happen if the filesystem fills), the machine will probably not boot up
cleanly.
Back to WHY this occurred, I would look not for something that
*changes* /dev/null, but rather for something that *removes* /dev/null
by mistake. Once it's been removed, whatever attempts to write to that
file next will create a file and the ownership will be set depending on
the writing process' uid/gid/umask.
This is actually a common thing. I used an ftp library once that asked
for a log file, and at some point I decided to discard the logs by
setting the log file to "/dev/null". Unfortunately for me, the library
actually unlinked the log file (/dev/null) instead of just opening it
and seeking to the beginning of the file. A few weeks after I made the
change, / was filled and lots of things started to fail.
Hope that helps,
Trever
________________________________
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of den gon
Sent: Monday, January 15, 2007 9:45 PM
To: mailscanner at lists.mailscanner.info
Subject: Modified /dev/null by MailScanner?
Hi again to all,
I noticed that when I log in on my system using a non-root account, it
says "-bash: /dev/null: Permission denied". I checked its permission and
it is owned by root and smmsp. Did the MailScanner/sendmail process
change it?
"-rw------- 1 root smmsp 23448 Jan 16 10:35 /dev/null"
admin at server's password:
Last login: Tue Jan 16 10:10:38 2007 from x.x.x.x
-bash: /dev/null: Permission denied
-bash: /dev/null: Permission denied
-bash: /dev/null: Permission denied
-bash: /dev/null: Permission denied
-bash: /dev/null: Permission denied
-bash: /dev/null: Permission denied
[admin at server admin]$ su -
Password:
[root at server root]#
Regards,
ned
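The check that the replies above do by eye with ls -l, written as a script that could run from cron or a monitoring agent. This is an added example, not part of the original messages. It assumes GNU stat (stat -c) and the Linux values quoted in the thread (character special, 1,3, mode 666, root:root); check_null_device is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the thread). check_null_device is a hypothetical
# helper name; stat -c is the GNU coreutils form found on Linux.
# Expected values are the ones quoted in the thread for Linux:
# character special, major 1, minor 3, mode 666, owner root:root.
# Return codes: 0 ok, 1 wrong file type, 2 missing, 3 wrong attributes.

check_null_device() {
    path=${1:-/dev/null}

    if [ ! -e "$path" ]; then
        echo "MISSING: $path (the next write to it will create a regular file)"
        return 2
    fi
    if [ ! -c "$path" ]; then
        echo "WRONG TYPE: $path is a $(stat -c %F "$path"), not a character special file"
        return 1
    fi

    # %t and %T print major and minor in hex; %a is the octal mode.
    set -- $(stat -c '%t %T %a %u %g' "$path")
    major=$((0x$1)) minor=$((0x$2)) mode=$3 uid=$4 gid=$5
    rc=0
    if [ "$major" -ne 1 ] || [ "$minor" -ne 3 ]; then
        echo "WRONG DEVICE: $path is $major,$minor, expected 1,3"; rc=3
    fi
    if [ "$mode" != 666 ]; then
        echo "WRONG MODE: $path is $mode, expected 666"; rc=3
    fi
    if [ "$uid" -ne 0 ] || [ "$gid" -ne 0 ]; then
        echo "WRONG OWNER: $path is $uid:$gid, expected 0:0 (root:root)"; rc=3
    fi
    [ "$rc" -eq 0 ] && echo "OK: $path is c $major,$minor mode $mode owner $uid:$gid"
    return "$rc"
}

# Report on the live node (or a path given as the first argument).
# '|| true' keeps a calling script running; use the return code to alert.
check_null_device "${1:-/dev/null}" || true
```

Return code 1 is the state shown in the original report (a regular file at /dev/null), and 2 is the window after something has unlinked the node and before the next writer recreates it.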