lawrence@lemmy.worldM to Comic Strips@lemmy.world · 1 month agoLinux processeslemmy.worldimagemessage-square63fedilinkarrow-up11arrow-down10
arrow-up11arrow-down1imageLinux processeslemmy.worldlawrence@lemmy.worldM to Comic Strips@lemmy.world · 1 month agomessage-square63fedilink
minus-squareRexelpitlum@discuss.tchncs.delinkfedilinkarrow-up0·1 month ago/var/log has been deleted, you say… I think we all know what this means, don’t we?
minus-squareRexelpitlum@discuss.tchncs.delinkfedilinkarrow-up0·1 month ago Hint ls -ld /var/log drwxrwxr-x 18 root syslog 4096 Aug 11 08:13 /var/log
minus-squarehemko@lemmy.dbzer0.comlinkfedilinkEnglisharrow-up0·1 month agoThat seems so obvious I think we’re missing something
minus-squareRexelpitlum@discuss.tchncs.delinkfedilinkarrow-up0·1 month agoWhatever, we have a suspect. Bring in GDB to do the interrogation! And perhaps also call Nice, he can play the good cop…
minus-squarehemko@lemmy.dbzer0.comlinkfedilinkEnglisharrow-up0·1 month agoForgive me my ignorance, but since Apache is running as root, couldn’t PHP inherit it’s permissions?
minus-squarelawrence@lemmy.worldOPMlinkfedilinkarrow-up0·1 month agoThe Apache main process runs as root. When it receives a request, it spawns a child process that doesn’t run as root. PHP runs as the same user as the Apache child process.
minus-squarejollyrogue@lemmy.mllinkfedilinkarrow-up0·1 month agoOr PHP runs in its own fastcgi like process under a different account.
minus-squareverstra@programming.devlinkfedilinkarrow-up0·1 month agoI have no clue. Root nuked the logs? Why? OOM killer does not do that.
minus-squareRexelpitlum@discuss.tchncs.delinkfedilinkarrow-up0·1 month agoWell, there is only one who could have erased all traces of the SIGKILL… And only the SIGKILLER would have had reason to do so…
minus-squareverstra@programming.devlinkfedilinkarrow-up0·1 month agoAhh ok, so it is the obvious one.
/var/log has been deleted, you say…
I think we all know what this means, don’t we?
Hint
ls -ld /var/log drwxrwxr-x 18 root syslog 4096 Aug 11 08:13 /var/log
That seems so obvious I think we’re missing something
Whatever, we have a suspect.
Bring in GDB to do the interrogation! And perhaps also call Nice, he can play the good cop…
Forgive me my ignorance, but since Apache is running as root, couldn’t PHP inherit it’s permissions?
The Apache main process runs as root. When it receives a request, it spawns a child process that doesn’t run as root. PHP runs as the same user as the Apache child process.
Or PHP runs in its own fastcgi like process under a different account.
I have no clue. Root nuked the logs? Why? OOM killer does not do that.
Well, there is only one who could have erased all traces of the SIGKILL…
And only the SIGKILLER would have had reason to do so…
Ahh ok, so it is the obvious one.