Linux에서 Extents 속성이 있는 파일을 삭제하는 방법 [닫기]

tag-icon tag-icon linux centos ext4
Linux에서 Extents 속성이 있는 파일을 삭제하는 방법 [닫기]

CentOS, ext4 파일 시스템에 "extents" 속성이 있는 파일이 있지만 파일을 삭제할 수 없습니다.

-------------e-- index.php

rm -f아무 작업도 수행하지 않습니다(오류 메시지도 표시되지 않음).

속성 제거를 사용해 보았지만 chattr문서에 명시된 대로 제거에서는 작동하지 않습니다 chattr.

인터넷에서 이것을 찾을 수 없습니다. 파일이 무엇인지, 파일을 삭제하는 방법은 없습니다.

strace rm -rf추적 추가

execve("/usr/bin/rm", ["rm", "-rf", "index.php"], 0x7ffeaa85f270 /* 23 vars */) = 0
brk(NULL)                               = 0x900000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbe0ed2e000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=44848, ...}) = 0
mmap(NULL, 44848, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fbe0ed23000
close(3)                                = 0
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`&\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=2156592, ...}) = 0
mmap(NULL, 3985920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fbe0e740000
mprotect(0x7fbe0e904000, 2093056, PROT_NONE) = 0
mmap(0x7fbe0eb03000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c3000) = 0x7fbe0eb03000
mmap(0x7fbe0eb09000, 16896, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fbe0eb09000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbe0ed22000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbe0ed20000
arch_prctl(ARCH_SET_FS, 0x7fbe0ed20740) = 0
access("/etc/sysconfig/strcasecmp-nonascii", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/sysconfig/strcasecmp-nonascii", F_OK) = -1 ENOENT (No such file or directory)
mprotect(0x7fbe0eb03000, 16384, PROT_READ) = 0
mprotect(0x60d000, 4096, PROT_READ)     = 0
mprotect(0x7fbe0ed2f000, 4096, PROT_READ) = 0
munmap(0x7fbe0ed23000, 44848)           = 0
brk(NULL)                               = 0x900000
brk(0x921000)                           = 0x921000
brk(NULL)                               = 0x921000
open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=106172832, ...}) = 0
mmap(NULL, 106172832, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fbe081fe000
close(3)                                = 0
ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0
lstat("/", {st_mode=S_IFDIR|0555, st_size=4096, ...}) = 0
newfstatat(AT_FDCWD, "index.php", {st_mode=S_IFREG|0444, st_size=4532, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlinkat(AT_FDCWD, "index.php", 0)      = 0
lseek(0, 0, SEEK_CUR)                   = -1 ESPIPE (Illegal seek)
close(0)                                = 0
close(1)                                = 0
close(2)                                = 0
exit_group(0)                           = ?
+++ exited with 0 +++

스트레이스unlink

execve("/usr/bin/unlink", ["unlink", "index.php"], 0x7ffe5da1b8f8 /* 23 vars */) = 0
brk(NULL)                               = 0x25fe000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f6d901000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=44848, ...}) = 0
mmap(NULL, 44848, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f3f6d8f6000
close(3)                                = 0
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`&\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=2156592, ...}) = 0
mmap(NULL, 3985920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3f6d313000
mprotect(0x7f3f6d4d7000, 2093056, PROT_NONE) = 0
mmap(0x7f3f6d6d6000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c3000) = 0x7f3f6d6d6000
mmap(0x7f3f6d6dc000, 16896, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3f6d6dc000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f6d8f5000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f6d8f3000
arch_prctl(ARCH_SET_FS, 0x7f3f6d8f3740) = 0
access("/etc/sysconfig/strcasecmp-nonascii", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/sysconfig/strcasecmp-nonascii", F_OK) = -1 ENOENT (No such file or directory)
mprotect(0x7f3f6d6d6000, 16384, PROT_READ) = 0
mprotect(0x605000, 4096, PROT_READ)     = 0
mprotect(0x7f3f6d902000, 4096, PROT_READ) = 0
munmap(0x7f3f6d8f6000, 44848)           = 0
brk(NULL)                               = 0x25fe000
brk(0x261f000)                          = 0x261f000
brk(NULL)                               = 0x261f000
open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=106172832, ...}) = 0
mmap(NULL, 106172832, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f3f66dd1000
close(3)                                = 0
unlink("index.php")                     = 0
close(1)                                = 0
close(2)                                = 0
exit_group(0)                           = ?
+++ exited with 0 +++

답변1

범위 속성은 붉은 청어일 수 있습니다. 실제로 파일을 삭제하고 있었지만 (악의적인 프로세스를 통해) 너무 빨리 다시 생성되어 삭제가 효과적이라는 것을 인식하지 못했을 수도 있습니다.

관련 정보