Thanks for the ideas, people.
I'll start with a simple sticky subdir containing files owned by most
probable users (tks, Oron & Guy). With some luck, that might narrow down
the 'who did it' and perhaps the 'from where' too (of course, it might
never happen again so I'll never know).
now, for some replys:
guy keren wrote:
>
>you said "most of the content". not "all of the content". did you try to
>analyze what WSN'T erased and see if it teaches you anything?
>
Right. I did, but did not gain any significant insight. I suspect that
the subdirs left were the most recently updated ones, but I could not
verify that (all the rest was deleted...), and it did not make much
sense anyway.
guy keren wrote:
>
> regarding this tracing - if it's a new enough system and has selinux, you
> might be able to put a file there, and tell selinux that it cannot be
> deleted. ofcourse, this requires root access, and selinux rules are not
Oron Peled wrote:
>
> Well, if it's open source you can certainly patch this functionality
> into it...
No root on server. Can't risk disturbing it's operation. OS is probably
solaris.
For client side tweaking, you'd need to effect ALL machines, so I'd be
disturbing operation again.
Ehud Karni wrote:
> I think it is more likely to be "rm -rf ${envar}*" with empty `$envar',
This reminds me of a funny variant that actually happened to me long
time ago (was certainly NOT
funny for me at the time).
I was trying to access the new powerful unix machine from a mainframe
terminal (a real one), using some kind
of (vt100 emulation?) program (you have to understand this prog was a
wonder - 3270 terminals work in
a completely different way - e.g. handle all typing themselves and only
talk to the host when you
press enter).
I was using the terminal to compile and run progs which I had put on my
homedir via FTP, then had a strange idea -
why not try using emacs? It did not work very well, so I went back to
good-old ISPF + FTP, to fix my failed attempts.
However, when I went back to the shell, I found a few new files with
names ending with "~" (emacs backup files).
Well, we can't have all that nonesense on my homepage right? "rm *~"
should clean this up, no? Sure, but...
What I did not know, was that although the terminal had a full EBCDIC
charset, with the "~"s clearly visible,
some piece of software on the way did not. It completely ignored
unhandled characters and did not send
any replacement to the unix side.
byebye homedir... :-O
(and keep in mind that, being a MF person, I did not have much notion of
*subdirectories* at the time. I've got a whole dataset (library) to
myself - why not put everything there...)
> (may be a misspelled env var name).
> AFAIK "rm -rf ./" does NOT work at all.
Right, of course - that would be sawing off the branch your'e sitting
on :-)
Anyway this was just an example. It might be python or even a compiled
binary.
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
