Возникла для меня странная ситуация.
Сервак наглухо виснет при выполнении стандартного запуска periodic daily .
После некоторого времени раскопок, выяснил, что periodic daily , вызывает periodic security, который в свою очередь вызывает ряд скриптов.
Скрипт 100.chksetuid и вводит сервак в полный ступор, после выполнения команды.
Код: Выделить всё
find -sx /usr /dev/null -type f \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \( -perm -u+s -or -perm -g+s \) -exec ls -liTd \{\} \+
Такая же команда, только для корня выполняется без проблем
Код: Выделить всё
# find -sx / /dev/null -type f \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \( -perm -u+s -or -perm -g+s \) -exec ls -liTd \{\} \+
8315 -r-sr-xr-x 1 root wheel 18696 8 апр 17:21:05 2011 /bin/rcp
8486 -r-sr-xr-x 1 root wheel 86720 8 апр 17:21:51 2011 /sbin/ipfw
8508 -r-sr-x--- 1 root operator 7496 8 апр 17:21:52 2011 /sbin/mksnap_ffs
8540 -r-sr-xr-x 1 root wheel 24312 8 апр 17:21:54 2011 /sbin/ping
8542 -r-sr-xr-x 1 root wheel 32260 8 апр 17:21:54 2011 /sbin/ping6
8569 -r-sr-x--- 1 root operator 11100 8 апр 17:21:56 2011 /sbin/shutdown
Подскажите, с чем это может быть связано? Почему find и ls могут убивать сервак?
P.S. Заранее благодарен.
Описание сервака:
ОС FreeBSD 8.2-RELEASE #0
FS - ZFSv15
Код: Выделить всё
# mount -t ufs,zfs
zroot on / (zfs, local)
zroot/tmp on /tmp (zfs, local, nosuid)
zroot/usr on /usr (zfs, local)
zroot/usr/home on /usr/home (zfs, local)
zroot/var on /var (zfs, local)
# zpool status
pool: zroot
state: ONLINE
scrub: none requested
config:
NAME STATE READ WRITE CKSUM
zroot ONLINE 0 0 0
gpt/disc ONLINE 0 0 0
errors: No known data errors
# df -h
Filesystem Size Used Avail Capacity Mounted on
zroot 139G 497M 139G 0% /
devfs 1.0K 1.0K 0B 100% /dev
zroot/tmp 139G 54K 139G 0% /tmp
zroot/usr 142G 2.9G 139G 2% /usr
zroot/usr/home 139G 288M 139G 0% /usr/home
zroot/var 139G 101M 139G 0% /var
devfs 1.0K 1.0K 0B 100% /var/named/dev
Код: Выделить всё
# cat /boot/loader.conf
### ZFS
zfs_load="YES"
vfs.root.mountfrom="zfs:zroot"
vfs.zfs.prefetch_disable=1
vfs.zfs.arc_max="40M"
vfs.zfs.vdev.cache.size="5M"
### EM net
hw.em.rxd=4096
hw.em.txd=4096
### MEM
#vm.kmem_size=1G
### LOGO
loader_logo="beastie"
autoboot_delay="2"
### нужно для Apache
accf_http_load="YES"
### Увеличение syncache и syncookies
net.inet.tcp.syncache.hashsize=1024
net.inet.tcp.syncache.bucketlimit=100
Код: Выделить всё
cpu I686_CPU
ident KERNEL
makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols
options SCHED_ULE # ULE scheduler
options PREEMPTION # Enable kernel thread preemption
options INET # InterNETworking
options INET6 # IPv6 communications protocols
options SCTP # Stream Control Transmission Protocol
options FFS # Berkeley Fast Filesystem
options SOFTUPDATES # Enable FFS soft updates support
options UFS_ACL # Support for access control lists
options UFS_DIRHASH # Improve performance on big directories
options UFS_GJOURNAL # Enable gjournal-based UFS journaling
options MD_ROOT # MD is a potential root device
options MSDOSFS # MSDOS Filesystem
options CD9660 # ISO 9660 Filesystem
options PROCFS # Process filesystem (requires PSEUDOFS)
options PSEUDOFS # Pseudo-filesystem framework
options GEOM_PART_GPT # GUID Partition Tables.
options GEOM_LABEL # Provides labelization
options COMPAT_43TTY # BSD 4.3 TTY compat (sgtty)
options COMPAT_FREEBSD4 # Compatible with FreeBSD4
options COMPAT_FREEBSD5 # Compatible with FreeBSD5
options COMPAT_FREEBSD6 # Compatible with FreeBSD6
options COMPAT_FREEBSD7 # Compatible with FreeBSD7
options KTRACE # ktrace(1) support
options STACK # stack(9) support
options SYSVSHM # SYSV-style shared memory
options SYSVMSG # SYSV-style message queues
options SYSVSEM # SYSV-style semaphores
options P1003_1B_SEMAPHORES # POSIX-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed.
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4)
options AUDIT # Security event auditing
options MAC # TrustedBSD MAC Framework
options INCLUDE_CONFIG_FILE # Include this file in kernel
options KDB # Kernel debugger related code
options KDB_TRACE # Print a stack trace for a panic
options SMP # Symmetric MultiProcessor Kernel
device apic # I/O APIC
options DUMMYNET
options IPFIREWALL
options IPFIREWALL_FORWARD
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=300
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPSTEALTH
options HZ=5000
options NETGRAPH
options NETGRAPH_SOCKET
options NETGRAPH_IPFW
options NETGRAPH_NETFLOW
options NETGRAPH_KSOCKET
options NETGRAPH_SPLIT
options NETGRAPH_ECHO
options NETGRAPH_ETHER
options NETGRAPH_TEE
options NETGRAPH_BPF
options NETGRAPH_IFACE
options NETGRAPH_ONE2MANY
options NETGRAPH_TTY
options NETGRAPH_UI
options NETGRAPH_TCPMSS
options NETGRAPH_VJC
options KVA_PAGES=512
options TEKEN_UTF8
options TEKEN_XTERM
device cpufreq
device acpi
device pci
device ata
device atadisk # ATA disk drives
device atapicd # ATAPI CDROM drives
options ATA_STATIC_ID # Static device numbering
device scbus # SCSI bus (required for SCSI)
device da # Direct Access (disks)
device cd # CD
device atkbdc # AT keyboard controller
device atkbd # AT keyboard
device kbdmux # keyboard multiplexer
device vga # VGA video card driver
device splash # Splash screen and screen saver support
device sc
device agp # support several AGP chipsets
device pmtimer
device uart # Generic UART driver
device de # DEC/Intel DC21x4x (``Tulip'')
device em # Intel PRO/1000 Gigabit Ethernet Family
device igb # Intel PRO/1000 PCIE Server Gigabit Family
device ixgb # Intel PRO/10GbE Ethernet Card
device le # AMD Am7900 LANCE and Am79C9xx PCnet
device ti # Alteon Networks Tigon I/II gigabit Ethernet
device txp # 3Com 3cR990 (``Typhoon'')
device vx # 3Com 3c590, 3c595 (``Vortex'')
device miibus # MII bus support
device ae # Attansic/Atheros L2 FastEthernet
device age # Attansic/Atheros L1 Gigabit Ethernet
device alc # Atheros AR8131/AR8132 Ethernet
device ale # Atheros AR8121/AR8113/AR8114 Ethernet
device bce # Broadcom BCM5706/BCM5708 Gigabit Ethernet
device bfe # Broadcom BCM440x 10/100 Ethernet
device bge # Broadcom BCM570xx Gigabit Ethernet
device dc # DEC/Intel 21143 and various workalikes
device et # Agere ET1310 10/100/Gigabit Ethernet
device fxp # Intel EtherExpress PRO/100B (82557, 82558)
device nfe # nVidia nForce MCP on-board Ethernet
device vge # VIA VT612x gigabit Ethernet
device loop # Network loopback
device random # Entropy device
device ether # Ethernet support
device vlan # 802.1Q VLAN support
device tun # Packet tunnel.
device pty # BSD-style compatibility pseudo ttys
device md # Memory "disks"
device gif # IPv6 and IPv4 tunneling
device faith # IPv6-to-IPv4 relaying (translation)
device firmware # firmware assist module
device bpf # Berkeley packet filter
options USB_DEBUG # enable debug msgs
device uhci # UHCI PCI->USB interface
device ohci # OHCI PCI->USB interface
device ehci # EHCI PCI->USB interface (USB 2.0)
device usb # USB Bus (required)
device uhid # "Human Interface Devices"
device ukbd # Keyboard
device umass # Disks/Mass storage - Requires scbus and da
device ums # Mouse