Franck, that's a very good point. I shall be asking VMware support about this. Thanks! Yuri Franck RICHARD wrote:
Hi, When you work with virtual systems, when you have the filesystem of your virtual machine corrupted, maybe you have only errors on the syslog of your Host and not on your virtual machine… The kernel of the virtual machine detect that she doesn't have anymore a write permission on the disk and switch the permissions… I'm not sure, but I have a similar case in the past with Xen De : Herta Van den Eynde [mailto:herta.vandeneynde@xxxxxxxxx] Envoyé : jeudi 27 août 2009 23:01 À : ycsapo@xxxxxxxxx Cc : Franck RICHARD; linux-admin Objet : Re: "spontaneous" permissions changes Hi Franck, That sounds like a plausible theory, but I've had my share of filesystem corruptions, and they always logged errors in syslog. Does your mileage vary? Also, if this were a filesystem corruption, could Yuri have worked passed it without a filesystem check? Kind regards, Herta 2009/8/27 Yuri Csapo <ycsapo@xxxxxxxxxxxxxxxxxx<mailto:ycsapo@xxxxxxxxxxxxxxxxxx>> Franck, that's a very good idea - I'll certainly check as soon as I can. Unfortunately I just can't umount right now. Maybe this weekend. Thanks --Yuri Franck RICHARD wrote: If the permission change to 400 (read only), it's a security when the filesystem is corrupted, to protect it. Do a check of your Filesystem, (umount, e2fsck, mount). Maybe you can find something... -----Message d'origine----- De : linux-admin-owner@xxxxxxxxxxxxxxx<mailto:linux-admin-owner@xxxxxxxxxxxxxxx> [mailto:linux-admin-owner@xxxxxxxxxxxxxxx<mailto:linux-admin-owner@xxxxxxxxxxxxxxx>] De la part de Yuri Csapo Envoyé : mercredi 26 août 2009 23:08 À : linux-admin Objet : "spontaneous" permissions changes Hi all, I have a strange situation I wish someone could help me with. This is the setup: - Virtual machine running the latest VM under ESXi - VM has one processor, 2 GB RAM, 1 GB swap - Ubuntu 8.04 LTS - The virtual host runs only this VM - Virtual host connects to a Lefthand Networks (now HP) SAN through 1 GB copper ethernet and iSCSI - VM has a 1 TB volume from the SAN that looks like a SCSI drive to Linux (/dev/sdc) - sdc is formatted as one big ext3 partition (sdc1) - sdc1 is exported both as an NFS resource and a SMB share (via Samba) - Authentication is Kerberos and authorization is local, if that matters The permissions on that partition's mount point, usually 755, changed suddenly to 400. I have looked at sudo logs, root's and all admins' history files and I can find no evidence of someone changing those permissions or of tampering with the logs. Physical access to the box requires the right keycard; logon (ssh) access to the box is restricted to sysadmins and support personel only; the root password is a 32 char long random string that lives in an encrypted repository on my iPod Touch. There are only 2 people, myself included, with full sudo rights; there are another 5 people with sudo rights to a number of administration things including chmod. This is a state university and it happened on the first day of classes. My questions: - Did I look everywhere I should be looking to find evidence of foul play? - Does anyone know of anything in this setup that could trigger a seemingly spontaneous permissions change like that? Thanks, -- Yuri Csapo Academic Computing & Networking Colorado School of Mines CT-256 Phone: (303) 273-3503 Fax: (303) 273-3475 Email: ycsapo@xxxxxxxxx<mailto:ycsapo@xxxxxxxxx> Please use the following link to open a service request: http://helpdesk.mines.edu =========================================== With a PC, I always felt limited by the software available. On Unix, I am limited only by my knowledge. --Peter J. Schoenster -- Yuri Csapo Academic Computing & Networking Colorado School of Mines CT-256 Phone: (303) 273-3503 Fax: (303) 273-3475 Email: ycsapo@xxxxxxxxx<mailto:ycsapo@xxxxxxxxx> Please use the following link to open a service request: http://helpdesk.mines.edu =========================================== With a PC, I always felt limited by the software available. On Unix, I am limited only by my knowledge. --Peter J. Schoenster -- "Life on Earth may be expensive, but it comes with a free ride around the Sun."
-- Yuri Csapo Academic Computing & Networking Colorado School of Mines CT-256 Phone: (303) 273-3503 Fax: (303) 273-3475 Email: ycsapo@xxxxxxxxx Please use the following link to open a service request: http://helpdesk.mines.edu =========================================== With a PC, I always felt limited by the software available. On Unix, I am limited only by my knowledge. --Peter J. Schoenster
begin:vcard fn:Yuri Csapo n:Csapo;Yuri org:Colorado School of Mines;CCIT email;internet:ycsapo@xxxxxxxxx title:System Administrator tel;work:(303) 273-3503 x-mozilla-html:FALSE version:2.1 end:vcard
