During a routine trawl through the ext3 files, I found some astronomical file sizes, billions and billions of GB. They also has strange user and group names. I can not delete these "weird files" (the term used by the operating system utilities).
Here are a few examples. The original files were created on Windoze 98 version 2 circa 2001.
lsattr: Operation not supported While reading flags on .....
stat ....... A "normal" file looks this this example:
The problem files look like this:
rm: cannot remove `00002437': Operation not permitted
However using 'lsattr 00002437' to expose the flags, then removing the flags with 'chattr -{flag) 00002437' eventually permitted me to delete the file with 'rm 00002437'.
The remaining two files appear un-touchable.
lsattr 00002435 lsattr: Operation not supported While reading flags on 00002435
chattr -a 00002434.thm ('a' was a random choice) chattr: Operation not supported while reading flags on 00002434.thm
find . -inum 2411959 -exec rm -i {} ; rm: remove weird file `./00002435'? y rm: cannot remove `./00002435': Operation not permitted
All advice, except to transfer everything to a new partition then reformat the bad partition (which I will do eventually), appreciated.
After unmounting filesystem (assuming this is one of filesystems you can not run fsck when it is mounted) and running fsck as Steven suggested, try to delete files in question (if they are still present). If they still resist, there may be immutable bit that got set somehow, you will need to use chattr command then to unset it first, then you should be able to delete files.
Good luck.
Valeri
On Sat, September 13, 2014 12:20 pm, Always Learning wrote:
++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
Thank you to Steven and to Valeri for an excellent idea.
The fsck cured the problem. The problem files were removed by fsck during its recovery/rectification.
Thanks again.
Paul. England, EU
Good luck for Scotland's Independence !
On Sun, Sep 14, 2014, Always Learning wrote:
The first thing you should do when you find files or directories is use 'lsattr' to check the attributes. In particular look for the 'i' attribute which marks the entry as immutable. A favorite trick of crackers is to put their own versions of commands such as /bin/ps, /bin/ls, /usr/bin/find, etc. to hide their activity.
You can use the 'chattr' command to change the attributes with something like 'chattr -i /bin/ps' to remove immutable attribute. If there are multiple attributes shown by the 'lsattr' command, simply add them like 'chattr -iAs /bin/ps'. It also takes the -R option to run recursively through a directory.
Bill
On 2014-09-14, Bill Campbell centos@celestial.com wrote:
The OP already did that.
You can use the 'chattr' command to change the attributes with something like 'chattr -i /bin/ps' to remove immutable attribute.
The OP tried chattr, and reported that it failed for certain files. This is why other people suggested an fsck; these are both indicators of a damaged filesystem.
--keith
-
Always Learning -
Bill Campbell -
Keith Keller -
Steven Stern -
Valeri Galtsev