cannot rm messages operation not permitted
I have a /var/log/messages and /var/log/syslog file that have grow to an unmanageable size (800MB). I am unable to rm, mv, or truncate these log files and receive the error "operation not permitted". I am root and I have shutoff syslogd at start up. What could possibly be preventing root from administering these logs?
I even configured my syslog.conf to write "messages" and "syslog" to temp files instead of the default /var/log/messages and /var/log/syslog respectively and this had no effect. Since then, syslog is turned off. Any help would be greatly appreciated. |
Shut down syslogd and klogd, then run 'F="/var/log/messages"; ls -alZ $F; stat $f; lsattr $F; fuser $F' to show what still has the file open and if any (extended) attributes are in use? And why 'rm' instead of the default practice of logrotating things?
|
solved...thank you
You hit the nail on the head. The lsattr showed that the -a attribute was set which allows only for the appending of the file. I changed this ( chattr +a <filename> ) and I was able to truncate the log.
I will manage the logs going forward with logrotate. I just inherited this particular server at work and it's logs were not properly managed. I have a proftpd process that writes to the log quite a bit and this would account for its massive size. I will look to also find a way to remedy the proftpd output separately. Thank you for your help. Much appreciated! |
Quote:
Quote:
|
All times are GMT -5. The time now is 06:03 AM. |