[vox-tech] Mysteriously Expanding Home Directory

Rod Roark vox-tech@lists.lugod.org
Sun, 19 May 2002 01:53:43 -0700 

Hard to say... there are tons of updates for RH 7.2, and=20
doing the right stuff to apply them is nontrivial.  Up2date=20
may have gotten confused.

You should definitely make an effort to understand what's
in your log files, and which services are running and why.

-- Rod
   http://www.sunsetsystems.com/

On Saturday 18 May 2002 11:59 pm, Richard Crawford wrote:
> Here's the scoop.
>
> I'm running RH 7.2, kernel 2.4.7-10.  My box had been up and running fo=
r
> two weeks solid, no problems.  A couple of days ago I installed some
> programs using Ximian's Red Carpet program and up2date; one of the
> up2date packages was a kernel update, but I'm not sure if that's
> relevant.
>
> Hm, I also installed Open Office this morning.
>
> Today I went away for several hours.  When I came back, I found a
> message that told me my MUA (Evolution) was unable to retrieve my
> messages from my mailspool because my device was full.  Confused, I ran
> df -h and found that /home was full to capacity, at 100%.  I deleted
> some software and removed a couple of old user directories, and had the
> /home directory at 96%.  Then I went to watch a movie, and when I came
> back, /home was back up at 100%.
>
> Reluctantly I rebooted the computer, just on a whim.  The bootup proces=
s
> noted some corrupted files and I had to run fsck / as root to fix the
> broken files.  When the system was up and running again, I found that I
> had to reconfigure Evolution for some reason, as if it had lost my user
> information.  All of my mailboxes and filters as well as old e-mails an=
d
> contact and calendar information were in place still, fortunately.  I
> also ran df -h again and saw that /home is back down to 44%.
>
> I've checked the history file for root and my personal account, and
> nothing seems out of the ordinary.  I've checked "who" and "past" and
> find nothing untoward.
>
> My first thought was some sort of odd DoS attack (based only on
> something I read in one of my Linux books which suggested that a DoS
> attack could overwhelm your hard drive), but the fact that the df -h
> shows /home at 44% after rebooting suggests otherwise to my relatively
> inexperienced mind.  I've looked through my system logs and run dmesg,
> but, to be honest, I'm not entirely sure what I'm looking for.