Hi

I have quite an impossible situation:

I got an obnoxious apache webserver that I am trying to reinstall. And after uninstalling it fully (on a Debian 6.0 system), the darn thing is still running.
Kill off the process, it gets restarted.

Ok, lets get the big guns: I go ahead and erase all executables and directories belonging to apache... and...

scary scary, the DARN THING STILL RESTARTS...

HOW?????

In my book that is quite impossible. Where is it restarting from??

I suspect that the new automatic restart daemon is responsible for this. Is there any documentation on how that works?

Cheers

Markus

EDIT: Nevermind.

How can apachectl still be installed if I removed all the executables??

What does actually restart the apache server (or any daemon) automatically when it crashes (or gets killed by signal)?
I know that many people must be having this problem with obnoxious daemons that just won't stay dead after you shoot them in the head ;-)

It is good to finally have auto restart, but this is the dark side of it.

Does Linux cache executables in memory, even after the program has been removed from the harddisk?

any of these return interesting results? like a secondary installation?

If your system has locate on it, run updatedb and then do a locate httpd and locate apache. That will find everything for ya... I tend to use it because how fast it is due to indexing.

whereis and which httpd come up empty.
The find command also, there is no apache installed anymore on this system.
updatedb and locate report the same, nothing there.

But there it is, in the task monitor, running. I send it a term or kill signal, the processes stop and then immediately spring up again.
I erased the user that the processes are running at, with the only result that now it is running with UID 1006 instead of the user.

This darn processes got nothing, they cannot exist, they cannot get restarted on the system, yet they do. How can I get rid of them without restarting the whole box? Where are these executables launched from?
Is this maybe a sign of a rootkitted system?

Have you looked at /etc/inittab - respawn cmd http://linux.about.com/od/commands/l...l5_inittab.htm. Unusual, but if a dedicated webserver, it may have been set that way.
Also remember that a Unix file doesn't actually get deleted until all processes that have it open have closed it or died. It's just invisible to 'ls/find/whereis' until then.