From owner-freebsd-questions@FreeBSD.ORG Thu Jul 3 11:02:05 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 8BB96A2A for ; Thu, 3 Jul 2014 11:02:05 +0000 (UTC) Received: from mail-la0-x22d.google.com (mail-la0-x22d.google.com [IPv6:2a00:1450:4010:c03::22d]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 12FE729C3 for ; Thu, 3 Jul 2014 11:02:04 +0000 (UTC) Received: by mail-la0-f45.google.com with SMTP id hr17so27386lab.4 for ; Thu, 03 Jul 2014 04:02:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=kVuaWozil4+mp2QPTLBlXtmURi3784ST4lhIVeCAbvM=; b=ZsAo3VIzx4N9cPrVKJw1V9IPbooXiownsWhC11dFh4t8NImU5vkZSZNL5xIv/Dt9I1 XaVCVvSnixCy9LbgS/PaAIH0IoX5Lu1qHBGxLcwu7+XyfXTmIkHtFfjCdPtEfKq0UqOJ +QUNnMdgR1OnqODl3G+0kyx49fGTH6Hub3AJtZEzXDGtel2v0F+jKQpPa/+Mkx+Dp9gL 4QQWLvD5Ub8YNpHotfQF4mLVWMvdDh0QvzsBhw4EjuJrA+9mZoK4kf7SFAuONbJG2gwd f95A/oNJuPbi5WUNNlVzOq1ePw2z4uZHBy6Ty2kYM+7q4hPHaZkQWKEkOkjzeVzNuKQp tjWQ== X-Received: by 10.152.6.74 with SMTP id y10mr366807lay.89.1404385322940; Thu, 03 Jul 2014 04:02:02 -0700 (PDT) Received: from lazlar.no-ip.biz (109.58.144.186.bredband.tre.se. [109.58.144.186]) by mx.google.com with ESMTPSA id tv3sm35569664lbb.49.2014.07.03.04.02.01 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 03 Jul 2014 04:02:02 -0700 (PDT) Message-ID: <53B53829.3010403@gmail.com> Date: Thu, 03 Jul 2014 13:02:01 +0200 From: Rolf Nielsen User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 MIME-Version: 1.0 To: freebsd-questions@freebsd.org Subject: Re: Security Warning References: <20140703055740.0f94e5e1@scorpio> <53B53096.3070600@freebsd.org> <20140703064754.78407425@scorpio> In-Reply-To: <20140703064754.78407425@scorpio> X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Jul 2014 11:02:05 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2014-07-03 12:47, Jerry wrote: > On Thu, 03 Jul 2014 11:29:42 +0100, Matthew Seaman stated: > >> On 07/03/14 10:57, Jerry wrote: >>> Thu, 3 Jul 2014 05:55:05 -0400 >>> >>> FreeBSD-10 / amd64 >>> >>> Every morning I receive a security email with the following >>> notations: >>> >>> Checking setuid files and devices: find: >>> /usr/share/groff_font/devX100/CI: Bad file descriptor find: >>> /usr/share/groff_font/devX100/S: Bad file descriptor >>> >>> Checking negative group permissions: find: >>> /usr/share/groff_font/devX100/CI: Bad file descriptor find: >>> /usr/share/groff_font/devX100/S: Bad file descriptor >>> >>> Is there something seriously wrong here, or can I safely ignore >>> it? >>> >> >> What do you see if you try and read the contents of those files? >> Smells like a filesystem problem to me, in which case you should >> unmount that partition (given it's /usr that implies taking the >> system down to single user mode) and run fsck against it >> repeatedly until fsck tells you the filesystem is clean. >> >> I'm assuming this is a UFS system -- if it's ZFS then none of the >> above applies, but also, you probably wouldn't see an error like >> that either. >> >> Cheers, >> >> Matthew > > If I try to read them, I just get: "Bad file descriptor" > > Okay, do I restart the system in single user mode and then run: > "fsck-f" until I don't receive any errors, or do I begin with: > "umount -af" first? I am assuming I do not umount "root" (use the > -A flag). > In single user, only / is mounted, and it is mounted read only. You shouldn't need to run umount. I'd run fsck -fyt ufs /usr (provided /usr is a separate filesystem, otherwise substitute the fs where /usr resides for /usr). The -t ufs may not be needed, but it won't hurt. Rolf -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBAgAGBQJTtTgpAAoJEB1OKfQ0M8TgdX0P/ipeh51nB1SI35fLiOmPed/D HTy4t23y8NQnWUxD/Q+byTJL+ozQ008j1VuHa7V/Y+p5TDuQaC1UCR/ohKl3o7HH eTKv6JfOOYXnrDiegl0o0IXqhSfY2YXZhEYuTYTjGoVcn2sVYpvWwhIbA/zfDYgb qAZOtArChgN+VvSi/lfaXMM7piKeWxy9H7IYEq0H3cdltO+Trp7oj28Mho/e5OwD yHsb0mnPqY3GZ0M1gHk0idov3lsXCwP9/pZ81Kd8IwiKuwoPiZ95MBtMGY9LplwR 39NRAouSs5zF7pxNgLWfHbct5tL6WiIqRPkOd5oMlD5dBm++/0XZufQMwiSOPNs3 jfJfFMGOxPiQpOifcLgm4DErd669uxqEytc7fkmrC3jgZ2C94VEZRV2S3mpMjy70 Do9h6l6m+InIxE5HCIbK3Yw3hXhRs7wcHHER4lFOkRx+9z2yNpNYDVIJzToxckNX izIFdXFbL+F3tjgZrl1s0t/jKZxFO2FozO9+MZ/01whLlw2a1BjkEF6Eh2llWAGn X2OamJhIQ23iJlYZ0LSK6BrIr5wqvoVABXSVAXxe7AykYt4UQp1r668nWMMgWilz 1APC1zsDbY4m76MyLejerRx3mfMdneeBWarfD/pNRsU73oXMqIjfmcEGmaceKGxL IHJNbaGMEMe1bj9GZctH =QhRO -----END PGP SIGNATURE-----