LinuxQuestions.org
Old 06-14-2013, 09:57 AM   #1
linuxandtsm
Member
 
Registered: May 2011
Posts: 194

Rep: Reputation: Disabled
A find process taking up CPU (su nobody -s /bin/sh -c /usr/bin/find /)


Hi all,

There is a find process running and taking up CPU, and the user is not happy with this.

Code:
# ps -ef|grep nobody
nobody    3772     1  0 May24 ?        00:00:00 /usr/sbin/gmond
root     12238 12230  0 09:30 ?        00:00:00 /bin/sh /usr/bin/updatedb --localuser=nobody --prunepaths=/mnt /cdrom /tmp /usr/tmp /var/tmp /var/spool /proc /media /sys
root     12258 12238  0 09:30 ?        00:00:00 /bin/sh /usr/bin/updatedb --localuser=nobody --prunepaths=/mnt /cdrom /tmp /usr/tmp /var/tmp /var/spool /proc /media /sys
root     12266 12258  0 09:30 ?        00:00:00 su nobody -s /bin/sh -c /usr/bin/find /       \( -fstype nfs -o -fstype NFS -o -fstype nfs4 -o -fstype afs -o -fstype proc -o -fstype smbfs -o -fstype autofs -o -fstype iso9660 -o -fstype ncpfs -o -fstype coda -o -fstype devpts -o -fstype ftpfs -o -fstype devfs -o -fstype mfs -o -fstype sysfs -o -fstype shfs -o -fstype cifs -o -fstype 9P -o      -type d -regex '\(^/mnt$\)\|\(^/cdrom$\)\|\(^/tmp$\)\|\(^/usr/tmp$\)\|\(^/var/tmp$\)\|\(^/var/spool$\)\|\(^/proc$\)\|\(^/media$\)\|\(^/sys$\)' \) -prune -o -print0
nobody   12267 12266 26 09:30 ?        00:06:14 /usr/bin/find / ( -fstype nfs -o -fstype NFS -o -fstype nfs4 -o -fstype afs -o -fstype proc -o -fstype smbfs -o -fstype autofs -o -fstype iso9660 -o -fstype ncpfs -o -fstype coda -o -fstype devpts -o -fstype ftpfs -o -fstype devfs -o -fstype mfs -o -fstype sysfs -o -fstype shfs -o -fstype cifs -o -fstype 9P -o -type d -regex \(^/mnt$\)\|\(^/cdrom$\)\|\(^/tmp$\)\|\(^/usr/tmp$\)\|\(^/var/tmp$\)\|\(^/var/spool$\)\|\(^/proc$\)\|\(^/media$\)\|\(^/sys$\) ) -prune -o -print0
root     13101 12875  0 09:53 pts/3    00:00:00 grep nobody
All I can find in /var/log/messages about this process is

Code:
Jun 14 09:30:14 lnxtest su: (to nobody) root on none

I killed this process several times, but it appears again after some time. Not sure what is causing this process to run.


Please help me understand what this process is and what is triggering it to start.

How can I disable/kill this process permanently (not sure if this should be OK)?


Please help!

thanks in advance!
 
Old 06-14-2013, 11:00 AM   #2
thedaver
Member
 
Registered: Jan 2010
Posts: 65

Rep: Reputation: 21
This is part of scheduled updates to support 'locate' on your machine

See

http://www.linuxquestions.org/questi...rmance-920990/
 
Old 06-14-2013, 11:12 AM   #3
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,654

Rep: Reputation: 1255
I believe it is updatedb. If you check the process tree:

nobody 12267 12266... (the find)
root 12266 12258... (the "su nobody...")
root 12258 12238... (the updatedb)


This is used to speed up searches using the "locate" utility. Doing this allows locate to bypass the filesystem search (which is slow), but the database it uses needs to be updated periodically.

The reason it runs as the user "nobody" is to eliminate any files that may be inaccessible to a user normally. That means that even if the file itself is rwxrwxrwx, if the directory containing that file is rwx------, then only the user can access it through the directory tree - and running the find as "nobody" will block it from being added to the index file.

Normally (at least on servers that want this service) updatedb runs sometime in the middle of the night.

You might check your cron jobs and see if it is being run either too frequently or at a bad time.
 
Old 06-14-2013, 11:35 AM   #4
linuxandtsm
Member
 
Registered: May 2011
Posts: 194

Original Poster
Rep: Reputation: Disabled
thanks to both thedaver and jpollard,

jpollard - how to find the cron job that this is running from?

I do not seem to find anything from crontab -l

How to find it and how to fix it (to disable/change it to run less frequently/ change time of running etc)?

Thanks!
 
Old 06-14-2013, 11:41 AM   #5
thedaver
Member
 
Registered: Jan 2010
Posts: 65

Rep: Reputation: 21
Look in /etc/crontab/... you'll see some folders that would be daily or hourly.
Most modern distros set up their cron to run everything in these folders at the appropriate interval, so that the crontab itself doesn't have to be touched so often.

There is likely a script in hourly.d or daily.d that is named like 'locate' or 'updatedb' and should contain commands that look like what you're seeing.

You could move, remark out, chmod -x or otherwise delete such a script to prevent its continued churn on your machine.
 
Old 06-14-2013, 03:00 PM   #6
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,654

Rep: Reputation: 1255
Depends on the installation.

In most, I would expect it to be in root's crontab entry. In a RH/Fedora system it is in /etc/cron.daily in the file "mlocate.cron".
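
The parent-chain walk from post #3 and the cron search suggested in posts #5 and #6, as an added shell example that is not part of the thread. The function names `ancestry`, `cron_refs` and `sample_ps` are hypothetical, the sample listing is the first post's `ps -ef` output with the command lines shortened, and the cron paths searched are common locations assumed here.

```shell
#!/bin/sh
# Added example (not from the thread): trace a recurring process to its scheduler.

# ancestry PID: read `ps -ef` text on stdin; print "PID USER CMD" for PID and each
# ancestor present in the listing, child first, then the first parent that is missing.
ancestry() {
    awk -v pid="$1" '
        {   # ps -ef columns: UID PID PPID C STIME TTY TIME CMD...
            user[$2] = $1; ppid[$2] = $3
            c = $8; if (NF >= 9) c = c " " $9      # first two words of the command
            cmd[$2] = c
        }
        END {
            while ((pid in ppid) && !(pid in seen)) {   # "seen" guards against loops
                seen[pid] = 1
                print pid, user[pid], cmd[pid]
                pid = ppid[pid]
            }
            if (pid != 0 && !(pid in ppid))
                print pid, "?", "(not in listing; look this PID up next)"
        }'
}

# Sample input: the listing from the first post, command lines shortened.
sample_ps() {
    cat <<'EOF'
nobody    3772     1  0 May24 ?        00:00:00 /usr/sbin/gmond
root     12238 12230  0 09:30 ?        00:00:00 /bin/sh /usr/bin/updatedb --localuser=nobody
root     12258 12238  0 09:30 ?        00:00:00 /bin/sh /usr/bin/updatedb --localuser=nobody
root     12266 12258  0 09:30 ?        00:00:00 su nobody -s /bin/sh -c /usr/bin/find /
nobody   12267 12266 26 09:30 ?        00:06:14 /usr/bin/find / ( -fstype nfs
root     13101 12875  0 09:53 pts/3    00:00:00 grep nobody
EOF
}

# cron_refs NAME [ROOT]: list cron files under ROOT (default /) whose contents mention
# NAME. Paths are assumed common locations: system crontab, cron.* dirs, user spool.
cron_refs() {
    root=${2:-}
    grep -rl -- "$1" "$root/etc/crontab" "$root"/etc/cron.* "$root/var/spool/cron" \
        2>/dev/null | sort
}

sample_ps | ancestry 12267
# On a live system: ps -ef | ancestry <pid>   and then   cron_refs updatedb
```

On the sample the chain runs find, su, updatedb, updatedb and stops at PID 12230, which the `grep nobody` filter had hidden from the listing.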
 
Old 06-14-2013, 05:07 PM   #7
linuxandtsm
Member
 
Registered: May 2011
Posts: 194

Original Poster
Rep: Reputation: Disabled
This is what I have in /etc/

Code:
# ls -ltrh /etc/ |grep cron
drwxr-xr-x  2 root   root       1 Sep 21  2007 cron.weekly
drwxr-xr-x  2 root   root       1 Sep 21  2007 cron.monthly
drwxr-xr-x  2 root   root       1 Sep 21  2007 cron.d
-rw-r--r--  1 root   root     255 Sep 21  2007 crontab
-rw-------  1 root   root      11 Sep 21  2007 cron.deny
drwxr-xr-x  2 root   root       8 Feb 14  2008 cron.hourly
drwxr-xr-x  2 root   root    4.0K Feb 15  2008 cron.daily


# ls -ltrh /etc/cron.daily/
total 52K
-rwxr-xr-x 1 root root 1.9K Sep  1  2003 suse.de-backup-rc.config
-rwxr-xr-x 1 root root  371 Sep  1  2003 suse.de-cron-local
-rwxr-xr-x 1 root root 2.1K Sep  8  2003 suse.de-backup-rpmdb
-rwxr-xr-x 1 root root  566 Jul 23  2004 suse.de-check-battery
-rwxr-xr-x 1 root root 1.3K Jul 27  2005 suse.de-clean-tmp
-rwxr-xr-x 1 root root  393 Sep 21  2007 logrotate
-rwxr-xr-x 1 root root 1.6K Sep 21  2007 suse.de-updatedb
-rwxr-xr-x 1 root root   42 Sep 21  2007 suse.de-update-preload
-rwxr--r-- 1 root root 1.2K Sep 21  2007 suse-do_mandb
-rwxr--r-- 1 root root  948 Sep 21  2007 suse-clean_catman
-rwxr-xr-x 1 root root  646 Sep 21  2007 suse.de-cyrus-imapd
-rwxr-xr-- 1 root root  672 Sep 22  2007 suse-texlive
-rwxr-xr-x 1 root root 3.1K Sep 26  2007 beagle-crawl-system

# ls -ltrh /etc/cron.hourly/
total 4.0K
-rwxr-xr-x 1 root root 71 Sep 21  2007 mcelog
Is any one of the below the one responsible for this?
If so, can I just move it from here?

Code:
# cd /etc/cron.daily/
/etc/cron.daily # ls -ltrh |grep update
-rwxr-xr-x 1 root root 1.6K Sep 21  2007 suse.de-updatedb
-rwxr-xr-x 1 root root   42 Sep 21  2007 suse.de-update-preload
Thanks!
 
Old 06-14-2013, 05:35 PM   #8
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,654

Rep: Reputation: 1255
That should do it.
 
  

