LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 09-13-2017, 09:54 AM   #1
Gerard Lally
Senior Member
 
Registered: Sep 2009
Location: Ireland
Distribution: Slackware, Crux, NetBSD
Posts: 1,257

Rep: Reputation: 742Reputation: 742Reputation: 742Reputation: 742Reputation: 742Reputation: 742Reputation: 742
Tilde shell character file created in unusual directories


Occasionally I see a tilde shell character file ~ created in a directory where it shouldn't be. For example, yesterday I found one of these files, owned by root:root, in /data/virtualization/vmware/workstation-pro/
Code:
cd /data/virtualization/vmware/workstation-pro/
ls -la

total 886712
drwxr-xr-x 2 gerard gerard      4096 Sep 13 10:53 .
drwxr-xr-x 9 gerard gerard      4096 Apr  5 11:41 ..
-rwxr-xr-x 1 gerard gerard 477406292 Jun 20 06:00 VMware-Workstation-Full-12.5.7-5813279.x86_64.bundle
-rw-r--r-- 1 gerard gerard 424592328 Jun 20 05:57 VMware-workstation-full-12.5.7-5813279.exe
-rwxr-xr-x 1 gerard gerard      1095 Jan 18  2017 licence.txt
-rw-r--r-- 1 gerard gerard    826296 Jan 19  2017 workstation-pro-12-user-guide.epub
-rw-r--r-- 1 gerard gerard   1534818 Jan 19  2017 workstation-pro-12-user-guide.mobi
-rw-r--r-- 1 gerard gerard   3561443 Jan 19  2017 workstation-pro-12-user-guide.pdf
-rw------- 1 root   root        1024 Aug  5 21:04 ~
Some time ago I did create a soft link to the Workstation installer in /root, for convenience. Is this a reason the file was created? I was in /root at the time:

Code:
ln -s [installer.bundle] .
It's inconvenient because I'm not sure how to deal with this file. If I rm or mv it I lose files in /root

I don't like leaving it there either because I'm not sure if it's malicious. This has occasionally happened in other directories as well.

Advice?

Last edited by Gerard Lally; 09-13-2017 at 10:14 AM.
 
Old 09-13-2017, 10:35 AM   #2
55020
Senior Member
 
Registered: Sep 2009
Location: Yorks. W.R. 167397
Distribution: Slackware
Posts: 1,095
Blog Entries: 4

Rep: Reputation: 1447Reputation: 1447Reputation: 1447Reputation: 1447Reputation: 1447Reputation: 1447Reputation: 1447Reputation: 1447Reputation: 1447Reputation: 1447
It's likely some script or application has a coding error or configuration error. '~' will be expanded and replaced by the shell with the path of "my home directory", but only when unquoted. It won't be expanded and replaced automatically when used in a pathname in any other context, such as configuring an application. The further clue is that this file is in root's home directory.

Malicious? People get panicky about that all the time, but when was the last time someone on here really had something malicious? also, whatever made that file was root; if it was truly malicious, you would have had no system since five past nine on the fifth of last month.
 
3 members found this post helpful.
Old 09-13-2017, 12:11 PM   #3
Gerard Lally
Senior Member
 
Registered: Sep 2009
Location: Ireland
Distribution: Slackware, Crux, NetBSD
Posts: 1,257

Original Poster
Rep: Reputation: 742Reputation: 742Reputation: 742Reputation: 742Reputation: 742Reputation: 742Reputation: 742
Quote:
Originally Posted by 55020 View Post
It's likely some script or application has a coding error or configuration error. '~' will be expanded and replaced by the shell with the path of "my home directory", but only when unquoted. It won't be expanded and replaced automatically when used in a pathname in any other context, such as configuring an application.
Well it's deleted now. I was a little hesitant to do rm \~ but on your advice I did so and it did the trick. Thanks

Quote:
The further clue is that this file is in root's home directory.
It's not. It crops up at random in various places, but never /root

Quote:
Malicious? People get panicky about that all the time, but when was the last time someone on here really had something malicious? also, whatever made that file was root; if it was truly malicious, you would have had no system since five past nine on the fifth of last month.
But a new user deleting a file named ~ in some random directory isn't going to know he's about to delete the contents of /root. That borders on malicious, to my mind. Besides, it's not really pertinent to ask when the last time someone here had something malicious. In my experience the really malicious software sits there silent, invisible and unknown. Long gone are the days attackers wanted to broadcast their presence in your system. Far more beneficial these days to fly under the radar for as long as possible.
 
Old 09-13-2017, 12:13 PM   #4
55020
Senior Member
 
Registered: Sep 2009
Location: Yorks. W.R. 167397
Distribution: Slackware
Posts: 1,095
Blog Entries: 4

Rep: Reputation: 1447Reputation: 1447Reputation: 1447Reputation: 1447Reputation: 1447Reputation: 1447Reputation: 1447Reputation: 1447Reputation: 1447Reputation: 1447
pardon me; I misinterpreted "I was in /root at the time", sorry.
 
Old 09-13-2017, 01:19 PM   #5
Gerard Lally
Senior Member
 
Registered: Sep 2009
Location: Ireland
Distribution: Slackware, Crux, NetBSD
Posts: 1,257

Original Poster
Rep: Reputation: 742Reputation: 742Reputation: 742Reputation: 742Reputation: 742Reputation: 742Reputation: 742
Quote:
Originally Posted by 55020 View Post
pardon me; I misinterpreted "I was in /root at the time", sorry.
No worries. Although I've deleted this file now, I can't really mark the issue solved since I still don't know what's causing it.
 
Old 09-14-2017, 03:37 AM   #6
Michael Uplawski
Member
 
Registered: Dec 2015
Location: Normandy, France
Distribution: Debian stretch/sid
Posts: 515
Blog Entries: 17

Rep: Reputation: 320Reputation: 320Reputation: 320Reputation: 320
I am creating (I know that it is me) files like '?', '0', '1', '~' all the time, although I am the strongest with '?'. If it is not a script that I have bungled, it is often a command-line which is badly composed and most of the time appears to do nothing at all... On second look, a file was created because I had forgotten a bunch of options. For some weeks already, there is a an empty file '0' in my home-directory, reminding me of the correction, which is due in one of my scripts... Yeah. One of these days, I will look into that... but knowing the reason already (an ill-composed comparison with 0, the number), the task is so boring to me that I do not even care.
 
Old 09-14-2017, 06:12 AM   #7
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 9,567

Rep: Reputation: 2811Reputation: 2811Reputation: 2811Reputation: 2811Reputation: 2811Reputation: 2811Reputation: 2811Reputation: 2811Reputation: 2811Reputation: 2811Reputation: 2811
As an example 3>&- will close file descriptor 3, 3>- will create a file named -. Huge amount of possibilities.....
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Changing character device file permission which is created by driver AnkurTank Programming 1 10-28-2012 07:20 PM
[SOLVED] Using Awk on an Unusual Character? cryingthug Programming 2 01-21-2012 04:25 PM
i2c character device file not created in linux 2.6.24 on at91sam9263ek john_schimandle Linux - Kernel 5 05-27-2010 11:03 AM
I have 8 character file name, no extension files being created in my dbaseIII+ folder bonzo Linux - General 2 01-22-2004 06:49 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 09:19 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration