Directory access denied to root user: inode hack?
Hello all,
I have an interesting problem that I can't find having been asked about anywhere. I'll be brief: root is being denied write permission to /sbin /bin /usr/sbin and /usr/bin. Now, the system was compromised, and cleaned, utilities and libraries having been replaced (by us, from CD). At first, I thought the various utilities had just been replaced by the hacker (rm, mv, and so on), but we've already replaced those. And, in fact, no writes work. Before everyone starts responding with "check the obvious" kinds of answers, let me detail what I have done (and note, the office here is a roomful of seasoned Linux admins, and we're all scratching our heads on this one). Here's a little snippet of command line efforts: Code:
homer:root> ls -ld /sbin testopen.c: -- Code:
#include <stdio.h> and got: Code:
homer:root> ./testopen /sbin/testfile Otherwise, my best guess right now is that the filesystem has been tampered with. What do you guys think? Thanks, Cengiz |
ok, it's a wild guess. the partition is mounted read-only?
|
Re: Directory access denied to root user: inode hack?
Quote:
Enjoy! --- Cerbere |
All times are GMT -5. The time now is 06:19 AM. |