On Sat, 3 Dec 2005 10:42 am, René Seindal wrote: > Roberto C. Sanchez wrote (03-12-2005 00:34): <snip> > > That is because, although auth.log is gone, any file descriptors that > > were open to it are still available. Thus, until all the file > > descriptors have also been released, the file still "exists." If you > > are not certain of which applications on your system normally write to > > auth.log, your best option may be a reboot.
This leads to an interesting question - are there any tools that can reveal "lost" files - those who no-longer have an entry in the fs, but are still open? I would imagine that certain sockets and temp files would fall in this category.
