Date: Fri, 17 Aug 2007 13:59:06 +0200 From: Jonathan McKeown <jonathan+freebsd-questions@hst.org.za> To: freebsd-questions@freebsd.org Subject: Re: curious root find running Message-ID: <200708171359.06464.jonathan%2Bfreebsd-questions@hst.org.za> In-Reply-To: <6.0.0.22.2.20070817063356.026581f8@mail.computinginnovations.com> References: <20070817101935.GA1064@localhost.gateway.2wire.net> <6.0.0.22.2.20070817063356.026581f8@mail.computinginnovations.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Friday 17 August 2007 13:34, Derek Ragona wrote: > At 05:19 AM 8/17/2007, brad clawsie wrote: > >hi > > > >while sitting at my computer tonight i noticed a great deal of disk > >activity. i found that this process was running: > > > >$ ps -auxwww 1463 > >USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND > >root 1463 4.3 0.1 1876 1404 ?? D 3:01AM 0:07.26 find /usr > >-xdev -type f ( -perm -u+x -or -perm -g+x -or -perm -o+x ) ( -perm > >-u+s -or -perm -g+s ) -print0 > > > >any idea why this is running? is it part of a sanctioned background > >process? > > Check your cron jobs. It is likely part of a rebuild of the locate > database. I don't want to be rude, and this just happens to be the message I'm responding to with a more general gripe, but there does seem to be quite a lot of guessing in answers on this list over the last few days, which isn't perhaps as helpful as it's intended to be. This is nothing to do with locate(1) - it's a find command looking in /usr for executable files (the first set of parens) which have the suid or sgid bits set (the second set of params). It's part of the daily security check carried out by periodic(8), as unexpected suid/sgid executables can be security holes. Jonathan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200708171359.06464.jonathan%2Bfreebsd-questions>