lawrence@lemmy.worldM to Comic Strips@lemmy.world · 3 months agoLinux processeslemmy.worldimagemessage-square63fedilinkarrow-up11arrow-down10
arrow-up11arrow-down1imageLinux processeslemmy.worldlawrence@lemmy.worldM to Comic Strips@lemmy.world · 3 months agomessage-square63fedilink
minus-squareRexelpitlum@discuss.tchncs.delinkfedilinkarrow-up0·3 months ago Hint ls -ld /var/log drwxrwxr-x 18 root syslog 4096 Aug 11 08:13 /var/log
minus-squarehemko@lemmy.dbzer0.comlinkfedilinkEnglisharrow-up0·3 months agoThat seems so obvious I think we’re missing something
minus-squareRexelpitlum@discuss.tchncs.delinkfedilinkarrow-up0·3 months agoWhatever, we have a suspect. Bring in GDB to do the interrogation! And perhaps also call Nice, he can play the good cop…
minus-squarehemko@lemmy.dbzer0.comlinkfedilinkEnglisharrow-up0·3 months agoForgive me my ignorance, but since Apache is running as root, couldn’t PHP inherit it’s permissions?
minus-squarelawrence@lemmy.worldOPMlinkfedilinkarrow-up0·3 months agoThe Apache main process runs as root. When it receives a request, it spawns a child process that doesn’t run as root. PHP runs as the same user as the Apache child process.
minus-squarejollyrogue@lemmy.mllinkfedilinkarrow-up0·3 months agoOr PHP runs in its own fastcgi like process under a different account.
minus-squareverstra@programming.devlinkfedilinkarrow-up0·3 months agoI have no clue. Root nuked the logs? Why? OOM killer does not do that.
minus-squareRexelpitlum@discuss.tchncs.delinkfedilinkarrow-up0·3 months agoWell, there is only one who could have erased all traces of the SIGKILL… And only the SIGKILLER would have had reason to do so…
minus-squareverstra@programming.devlinkfedilinkarrow-up0·3 months agoAhh ok, so it is the obvious one.
Hint
ls -ld /var/log drwxrwxr-x 18 root syslog 4096 Aug 11 08:13 /var/logThat seems so obvious I think we’re missing something
Whatever, we have a suspect.
Bring in GDB to do the interrogation! And perhaps also call Nice, he can play the good cop…
Forgive me my ignorance, but since Apache is running as root, couldn’t PHP inherit it’s permissions?
The Apache main process runs as root. When it receives a request, it spawns a child process that doesn’t run as root. PHP runs as the same user as the Apache child process.
Or PHP runs in its own fastcgi like process under a different account.
I have no clue. Root nuked the logs? Why? OOM killer does not do that.
Well, there is only one who could have erased all traces of the SIGKILL…
And only the SIGKILLER would have had reason to do so…
Ahh ok, so it is the obvious one.