files are getting deleted automatically in user's home directory
We have a two nfs shares from EMC storage mounted. The users home directory are created over there. The files in the users home directory are getting deleted automatically every 15 days or so. I Checked and found no cron jobs running. How to find out who its getting deleted and need to fix it.
Responses
Are those shares mounted by other systems as well with "no_root_squash"? If so, then those users home directory could be accessed and modified by root of another system,, first look at the issue...
You could enable auditing on the system and add users home directories to be audited and then track it later. Another option, i could suggest is to configure aide to monitor changes on those users home directories.
If the same path is being used on multiple locations then there may be chances of files getting modified/deleted (provided proper permissions) unless separated as such like this
/shared/forclient1 <client1IP>(rw,no_root_squash)
/shared/forclient2 <client2IP>(rw,no_root_squash)
How are the shares defined in nfs server? , check the /etc/exports file. If you are sure that those files saved in the central nfs server gets removed automatically then better option is to enable auditing for those shared nfs files on all the systems which got accesss.
Guru
6435 points
When I see wording around file-persistence like "getting deleted automatically every 15 days or so", I have to wonder if someone hasn't enabled a backup service that's operating in archive mode (typically, archive backup jobs do save-and-delete where regular backup jobs just save). May not be the case here, but it's not inconsistent with such a (mis)configuration.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.