Modified /dev/null by MailScanner?

Furnish, Trever G TGFurnish at herffjones.com
Wed Jan 17 21:09:00 CET 2007


Oops.  I wrote:
> Lots of things write to /dev/null.  Having that be a special file WILL
break things  

I meant to say, "Having that be a NORMAL file..."

And to summarize my overly long original reply:

Your /dev/null has been removed by something, and then something else
created it as a normal file by writing to /dev/null.  Having /dev/null
be a normal file will cause you big problems -- you need to remove your
current /dev/null and recreate it to match whatever your system had
before.

If you're on a linux system, you probably should do:
	rm -f /dev/null
	mknod -m 666 /dev/null c 1 3
	chown root:root /dev/null

--
Trever


________________________________

	From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
Furnish, Trever G
	Sent: Wednesday, January 17, 2007 2:38 PM
	To: MailScanner discussion
	Subject: RE: Modified /dev/null by MailScanner?
	Importance: High
	
	
	Whoa!  You have a bigger problem than you think -- your ls
output shows that /dev/null has been replaced by a normal file.  The
null device is supposed to be a character special device file that
discards anything written to it.
	 
	The exact major and minor number (and potentially the
requirements to create it) are specific to your platform (Linux,
Solaris, HPUX) and possibly your kernel version.  If you're using Linux,
you probably have a manual page for "null", so see "man null".
	 
	On my Redhat Enterprise systems, /dev/null is always like so:
	# ls -l /dev/null
	crw-rw-rw-    1 root     root       1,   3 Jun 24  2004
/dev/null
	
	Notice the 'c' in the first column -- that means it's a
character special file.
	 
	Notice the "1, 3" after the group ownership -- those are the
major and minor numbers.
	 
	If you're running a linux system, you probably need to do the
following:
	rm -f /dev/null
	mknod -m 666 /dev/null c 1 3
	chown root:root /dev/null
	 
	Lots of things write to /dev/null.  Having that be a special
file WILL break things and will probably cause the / filesystem to fill
eventually.  Once /dev/null becomes completely unwriteable (as would
happen if the filesystem fills), the machine will probably not boot up
cleanly.
	 
	Back to WHY this occurred, I would not for something that
*changes* /dev/null, but rather for something that *removes* /dev/null
by mistake.  Once it's been removed, whatever attempts to write to that
file next will create a file and the ownership will be set depending on
the writing process' uid/gid/umask.
	 
	This is actually a common thing.  I used an ftp library once
that asked for a log file, and at some point I decided to discard the
logs by setting the log file to "/dev/null".  Unfortunately for me, the
library actually unlinked the log file (/dev/null) instead of just
opening it and seeking to the beginning of the file.  A few weeks after
I made the change, / was filled and lots of things started to fail.
	 
	Hope that helps,
	Trever
	 
	
	

________________________________

		From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of den gon
		Sent: Monday, January 15, 2007 9:45 PM
		To: mailscanner at lists.mailscanner.info
		Subject: Modified /dev/null by MailScanner?
		
		
		Hi again to all,
		
		I noticed that when I login on my system using non-root
account, its says
		"-bash: /dev/null: Permission denied". I checked it
permission and it owned by 
		root and smmsp. Is it the MailScanner/sendmail process
changed it? 
		
		"-rw-------    1 root     smmsp       23448 Jan 16 10:35
/dev/null"
		
		admin at server's password:
		Last login: Tue Jan 16 10:10:38 2007 from x.x.x.x
		-bash: /dev/null: Permission denied
		-bash: /dev/null: Permission denied 
		-bash: /dev/null: Permission denied
		-bash: /dev/null: Permission denied
		-bash: /dev/null: Permission denied
		-bash: /dev/null: Permission denied
		[admin at server admin]$ su -
		Password:
		[root at server root]#          
		
		Regards,
		
		ned
		



More information about the MailScanner mailing list