On Sun, 23 Feb 2003 16:43:46 -0600, Bret Hughes wrote > On Sun, 2003-02-23 at 16:17, Mike Vanecek wrote: > > On Sun, 23 Feb 2003 10:34:27 -0600, Bret Hughes wrote > > > On Sun, 2003-02-23 at 09:38, Mike Vanecek wrote: > > > > Someone has ftp'd a file to my incoming folder with the name: > > > > > > > > !! Just a Comment that you may want to READ.txt > > > > > > > > The file permissions were set as rw r r which obviously is not a good thing. > > > > Further, I am unable to less it or delete it. I did change the permissions to > > > > 000 by chmod 000 *. > > > > > > > > This is RH 7.1 running proftpd-xinetd, proftpd-1.2.2-3.5.swsoft. > > > > > > > > How to I get rid of the offending message? > > > > > > > > How do I prevent it from happening again? > > > > > > > > Thanks, Mike. > > > > > > > > > > as for the file, look at the extended attributes with lsattr I is > > > probably set with the i ( immutable) flag > > > > lsattr is not installed on my system. > > > > An ls of the directory: > > > > [EMAIL PROTECTED] incoming]# d > > total 5.0k > > drwxrwx-wT 2 ftp ftp 1.0k Feb 22 18:55 ./ > > drwxr-xr-x 4 ftp ftp 1.0k Jan 7 21:52 ../ > > -rw-r--r-- 1 ftp ftp 1.2k Feb 22 18:55 !! Just a Comment that > > you may want to READ.txt > > -rw-r--r-- 1 root root 89 Jan 7 21:54 .message > > > > The long file name with !! has prevented me from doing anything with it except > > via a wildcard *. > > > > try less '!! <hit tab> > > the single quote will stop any shell shenanigans
That is what I needed, thank. I was using double quotes (had forgotten about the importance of single quotes). Best I can tell (tripwire, chkrootkit, logs), everything is working correctly. I checked and even though the file permissions are set 644 ftp.ftp, proftpd will not let an anonymous user do a ls or get. Hence, the !! file is a pain, but not a zap (a loud exhale ...). > > > > chattr -whateverflag flag should remove whatever it is set to. > > > > chattr not installed on my system either. If it was, I do not know the syntax > > to override the long name with !! at the beginning. > > this is worrysome. on my system: > > [EMAIL PROTECTED] tmp]$ which lsattr > /usr/bin/lsattr > [EMAIL PROTECTED] tmp]$ which chattr > /usr/bin/chattr The system is a virtual domain server and uses a file system developed by SwSoft (vzfs). Hence, lsattr and chattr would not be installed since the extended file system is not installed. Thank you for helping. It was nice to have someone help focus my thoughts on what to look at. Now, I gotta try and find out the significance of drwxrwx-wT for the ./ directory. The T is for sticky or something ,,, just cannot remember. Mike. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
