On Tuesday 08 November 2005 10:36, you wrote: >I'm trying to track down why /var is full, and df and du report major >differences (or else I'm reading something wrong, in which case I > submit to the verbal beatings). Pay attention to what it says for > /var. Running OpenBSD 3.8 GENERIC as a firewall. Why does df report > 8G used, and du report 9M used? What am I missing? (Don't comment on > the size of the / partition, I just realized I made a mistake there, > but there are no user accounts on this machine, and /var is on a > different partition, so I don't have to worry about log file sizes > killing the machine.)
One possible cause of this is if a process has one or more large files open on /var that have been deleted. The space from deleted files that are open at the time of deletion is not freed until the file is closed. Innocuous causes for this would be a log file that wasn't rotated properly and the logging program is holding an old log open. Malicious causes for this could include a rootkit that stores data in deleted files to hide its presence, but this is rather unlikely on OpenBSD. The lsof utility (available as a package or in ports) may help with investigating what process is holding a deleted file open, if that is really the problem. If it is, then killing or restarting the offending process should free up the space. In a worst-case scenario you could try rebooting and see if the space is freed. ------------------------------------------------------------------------ Dan Ramaley Network Programmer/Analyst (515) 271-4540 Dial Center 118, Drake University
