Here is one for you . . .
We have several Redhat Enterprise 3 boxes with NIS, NFS, and the automounter running. Every so often in one particular automounted directory, directories with names matching executables will show up owned by root. Below is a sample listing of some of the directories:
dr-xr-xr-x 2 root root 4096 Feb 9 13:07 df
dr-xr-xr-x 2 root root 4096 Feb 10 12:56 file-roller
dr-xr-xr-x 2 root root 4096 Feb 16 14:03 metacity
dr-xr-xr-x 2 root root 4096 Feb 9 12:17 nautilus
dr-xr-xr-x 2 root root 4096 Feb 9 07:23 sh
Notice they are not created all at the same time. The "shell command" directories like df and sh don't seem to cause much of a problem. But things go downhill fact when the ones like metacity and nautilus show up, mostly because users have this directory in their search path. These bogus directories are empty, but they are found first because of people PATHs and the real executable are not found.
At first I thought this was a problem due to the browsing, or ghost, feature of the automounter; mostly because I saw the automount requests for the directories in the /var/log/messages file. I turned off the ghost option and things stablized for about week. The problem has come back with a vengence this week and no changes have been made to re-enable the ghosting feature of the automounter.
I have no idea how to track what application or package is requesting these mounts via the automounter. How can I find this out?
I delete the directories but the keep coming back!
HELP!!!! Any idea are welcome.