Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I hope this is the right forum for this question??
In what may have been a malicious attack over the NFS lan one of our file servers was brought down yesterday. When I got the server started,I found the /tmp directory was full of crud packed into three huge files, created within moments of each other, which had effectively filled the /partition. After cleaning out the rubbish, a number of services cannot start any more and it seems the OS may have been damaged as well.
Rather than spend a lot of time messing around trying to find and then repair the damage, I propose to reinstall the OS to the / partition (leaving the home partitions with all the users' files in place).
To save some time getting the new OS configured, I'd like to backup and later restore the key user files for logging in and the /etc/export file. My problem is I'm not sure which files I need to backup to restore the user logins later. I want them, of course, to reconcile with the existing user folders in the /home partition.
Could someone tell me which files I have to backup. For what its worth, the server runs CentOS3.
Thanks
First of all, have your tried and fsck on the root partition? This may resolve all of your issues. Second, when you rebuild the OS, I would put /tmp on it's own partition, any user can basically DoS you if you don't have quotas enabled and tmp isn't on it's own partition. Third, the files you'll need include (this is not an exhaustive list, I'd wait while people chime in):
To Preserve your users and permission associations:
/etc/passwd
/etc/shadow
/etc/group
/etc/gshadow
/etc/sudoers (if you have any sudoers enabled)
smbpasswd (wherever you keep that, if you are using samba shares)
These files only address rebuilding the system and having the users available again without having to enter in passwords again etc, I'm not sure what services you're running but you'll want to backup those configuration files as well. ***CAUTION*** When you have the system rebuilt, don't just copy and paste these files in place, use the commands vipw (to add users) and vigr (to add their groups) to add the necessary users/groups without replacing system accounts. Although a new system install should mirror system accounts, I'm not completely certain of that, and if you were to just copy the files into place you might break something that you don't want to.
Mike,
Thanks for this answer. I'd never thought of putting /tmp into a separate partition. Sounds like a good idea that could have spared us a big problem. I dont know these other commands yet so I'll go look them up.
Many thanks
No problem, the other commands I mention are just the vi editor, but they lock the passwd and group files while your editing them to ensure that nobody else can make changes to the files. I forgot one other command for restoring the sudoers file: visudo, same concept as the others.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.