On 07/19/15 09:17, jd1008 wrote: > debugfs -R 'ncheck 47972353' /dev/sda3 2>/dev/null > Inode Pathname > 47972353 //root > > So, why is it trying to do that? > I am not logged in as root. > > How can I find out the process(es) that spawned sh > to access /root?
OK, so you have determined that the path being accessed and cited by the alert is /root. Don't know if the process is still around, but supposedly it was pid=6476. -- If I wanted a blog or social media I'd go elsewhere -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
