At 06:59 AM 8/17/2007, Jonathan McKeown wrote:
On Friday 17 August 2007 13:34, Derek Ragona wrote:
> At 05:19 AM 8/17/2007, brad clawsie wrote:
> >hi
> >
> >while sitting at my computer tonight i noticed a great deal of disk
> >activity. i found that this process was running:
> >
> >$ ps -auxwww 1463
> >root  1463  4.3  0.1  1876  1404  ??  D     3:01AM   0:07.26 find /usr
> >-xdev -type f ( -perm -u+x -or -perm -g+x -or -perm -o+x ) ( -perm
> >-u+s -or -perm -g+s ) -print0
> >
> >any idea why this is running? is it part of a sanctioned background
> >process?
> Check your cron jobs.  It is likely part of a rebuild of the locate
> database.

I don't want to be rude, and this just happens to be the message I'm
responding to with a more general gripe, but there does seem to be quite a
lot of guessing in answers on this list over the last few days, which isn't
perhaps as helpful as it's intended to be.

This is nothing to do with locate(1) - it's a find command looking in /usr for
executable files (the first set of parens) which have the suid or sgid bits
set (the second set of params). It's part of the daily security check carried
out by periodic(8), as unexpected suid/sgid executables can be security

I hate to be an "I told you so" but if you look in the script that rebuilds the locate database:
You will see a number of find commands.

In reality, you'd need to do:
ps -al
and follow the PID and PPID to determine what is running this find command.


This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.

_______________________________________________ mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to