Hello all,
I am working in an HP-UX 11.0 64-bit environment. I am not sure if a third-party software is doing this or not, but the admin of this server says it is not a server issue, as he has checked and double-checked logs and crons to verify this issue. My problem is that every now and then, once an hour or so, the /dev/null device gets its permissions changed to read only... As you know, this can be a big headache for a lot of processes and apps that use this particular device. One major software that we are seeing a lot of incidents with is Oracle. It uses /dev/null a lot, and whenever the permissions get changed, Oracle complains. I am also getting this message when I log into the server every now and then. So to work around this issue, the sysadmin has a cron that goes out and checks the permissions on the /dev/null device... but unfortunately cron only runs to the minute level and I need this to run at least every 3-5 seconds, as we have files processing against Oracle constantly 24 x 7... and I am not really comfortable with band-aid approaches... Does anyone have any recommendations? This is starting to be a big issue for me now that this server is starting to be utilized a lot more than before...
On my HP-UX systems, I see that /dev/null is owned by bin. This means that either bin or root could change the mode. I would chown /dev/null to root and let it change modes again. If it does, you know the process was a root process.
Make sure that no one is signed on as root or su'ed to root. If it changes, either a running process or a cronjob did it.
"ls -lc /dev/root" will get the exact time of change. Check every cron job that was running during the change. The periodic nature of the problem also is pointing to a bad cron job.
My question on the file ownership changes... since /dev/null permissions are set to rw-rw-rw and owned by bin, even if I change ownership over to root, wouldn't a process still be able to change the user level permissions on this device to read only, and look like this afterwards, rw-rw-r--, since the user level permission is set to rw-?
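An added example, not part of any post in this thread: a small POSIX sh watcher that polls the mode every few seconds (cron cannot go below one minute) and, when the mode differs, records the inode change time from ls -lc plus a process snapshot to compare against cron schedules. The function names, the WATCH variable, the 3-second interval and the log path /var/tmp/devnull_watch.log are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: poll a device node's mode and keep evidence when it changes.
# Uses only ls, cut, ps, date and sleep (no stat command is assumed).

# Print the 10-character mode string from ls -ld, e.g. crw-rw-rw-
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Compare the current mode with the expected one.
# Returns 0 if unchanged; otherwise appends evidence to the log and returns 1.
check_once() {
    path=$1 expected=$2 log=$3
    current=$(mode_of "$path")
    [ "$current" = "$expected" ] && return 0
    {
        echo "=== $(date) mode of $path is $current, expected $expected"
        # -c lists the inode change time, which chmod and chown update
        ls -lcd "$path"
        # Process snapshot to correlate with cron entries and root sessions
        ps -ef
    } >> "$log"
    return 1
}

# Poll forever: watch_perms PATH EXPECTED_MODE INTERVAL_SECONDS LOGFILE
watch_perms() {
    while :; do
        check_once "$1" "$2" "$4" || true
        sleep "$3"
    done
}

# Start the loop only when explicitly requested, e.g.:
#   WATCH=1 sh devnull_watch.sh &
if [ "${WATCH:-0}" = 1 ]; then
    watch_perms /dev/null crw-rw-rw- 3 /var/tmp/devnull_watch.log
fi
```

Each log entry gives a change time to line up against the crontabs of root and bin; the watcher only records and does not reset the mode.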