Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Help getting rid of an iffy directory please

  1. #1
    Join Date
    Sep 2009
    Location
    UK
    Posts
    301

    Default Help getting rid of an iffy directory please

    I have a user with a directory called 'Poster ??? Copy of files'
    Clamscan said a file of the same name ( +html ) was infected and it got
    rid of it so I wanted to get rid of the folder but nothing I've tried works.
    Dolphin shows it but if you try and delete or rename it it says it isn't there.
    From the terminal you can't mv or rm -rf even if you escape the ? characters
    find . -inum 'the inode number' -delete wont as it's not empty
    sed -e 's/[^A-za-v0-9._-]/_/g' in a little script doesn't work, trying to use
    convmv didn't do anything and you can go into the directoey to see what's in there

    Any suggestions please

    Ta

    M

  2. #2
    Join Date
    Mar 2008
    Location
    Oz
    Posts
    11,727
    Blog Entries
    2

    Default Re: Help getting rid of an iffy directory please

    It could be a link.
    It could have weird ownership.
    It could have weird permissions.

    Check if a directory or a link and/or who owns it and/or if it has weird "permissions": Right-click-the-mouse to see owner and permissions and the other bits.
    Leap 42.3 & 15.1(Beta) &KDE
    FYIs from the days of yore

  3. #3
    Join Date
    Sep 2009
    Location
    UK
    Posts
    301

    Default Re: Help getting rid of an iffy directory please

    They all look normal

    Ta

    M

  4. #4
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    2,566

    Question Re: Help getting rid of an iffy directory please

    What happens if:
    1. The GUI sessions are stopped;
    2. The Display-Manager service is stopped (either "systemctl stop display-manager.service" or simply "init 3");
    3. The Clam AV daemon is stopped -- does Clam AV have a systemd service?
    4. From a VT login as the affected user and, check the result of "file <problem file name>".

    It may be that, Clam AV has control of the file (a file which used to be a directory -- directories are also files . . . ).

    In the extreme case, you may have to shutdown to the "rescue" mode -- "systemctl rescue" -- and with the user "root" in the "most processes stopped" environment deal with the troublesome file.

  5. #5
    Join Date
    Sep 2009
    Location
    UK
    Posts
    301

    Default Re: Help getting rid of an iffy directory please

    Well, I'll go to the foot of our stairs !

    In init 3 my sed thing worked and I could get into the directory.
    Then I deleted all the files by inode and once the directory was empty
    deleted that by inode.

    It never occurred to be that it would be different.

    Many, many thanks

    Mal

  6. #6
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    2,566

    Question Re: Help getting rid of an iffy directory please

    @interele:
    Let's go back to the roots:
    Code:
     > mkdir 'Poster ??? Copy of files'
     > ls -ld 'Poster ??? Copy of files'
    drwxr-xr-x 2 xxx users 4096 27. Okt 10:31 Poster ??? Copy of files
     > touch 'Poster ??? Copy of files'/aaa
     > ls -l 'Poster ??? Copy of files'/
    insgesamt 0
    -rw-r--r-- 1 xxx users 0 27. Okt 10:31 aaa
     > file Poster\ \?\?\?\ Copy\ of\ files/aaa
    Poster ??? Copy of files/aaa: empty
     > echo 'Something, somewhere' >> Poster\ \?\?\?\ Copy\ of\ files/aaa
     > cat Poster\ \?\?\?\ Copy\ of\ files/aaa
    Something, somewhere
     > rm Poster\ \?\?\?\ Copy\ of\ files/aaa
     > rmdir 'Poster ??? Copy of files'
     >
    Please note that:
    1. Except for the 'mkdir' I used "bash" autocompletion (hit the <Tab> key) to generate the directory name strings.
    2. Within "bash" the >> ' << (single apostrophe) character has a special meaning:

    Words of the form $'string' are treated specially. The word expands to string, with backslash-escaped characters replaced as specified by the ANSI C standard.
    In other words when I typed "ls -ld 'Po" and then hit the <Tab> key, "bash" expanded the line to "ls -ld 'Poster ??? Copy of files'".
    On the other hand when I typed "file 'Po" and then hit the <Tab> key, "bash" first expanded the line to "file 'Poster ??? Copy of files'/" and, when I hit the <Tab> key once again, "bash" expanded the line to "file Poster\ \?\?\?\ Copy\ of\ files/aaa".

    Command Line Interpretors (CLIs) are wonderful, aren't they?

  7. #7

    Default Re: Help getting rid of an iffy directory please

    Hi interele,

    Quote Originally Posted by interele View Post
    I have a user with a directory called 'Poster ??? Copy of files'
    Clamscan said a file of the same name ( +html ) was infected and it got
    rid of it so I wanted to get rid of the folder but nothing I've tried works.
    Dolphin shows it but if you try and delete or rename it it says it isn't there.
    From the terminal you can't mv or rm -rf even if you escape the ? characters
    find . -inum 'the inode number' -delete wont as it's not empty
    sed -e 's/[^A-za-v0-9._-]/_/g' in a little script doesn't work, trying to use
    convmv didn't do anything and you can go into the directoey to see what's in there
    Perhaps the '?'-characters are not really question-marks, but something that cannot be displayed.

    The ls-command has the switch '-b' to print C-style escapes for nongraphic characters (from 'man ls').

    So, try:
    Code:
    ls -b
    in the directory that contains 'Poster ??? Copy of files' and see what characters that iffy directory name really has.

    Kind regards,

    Leen

  8. #8

    Default Re: Help getting rid of an iffy directory please

    Quote Originally Posted by interele View Post
    find . -inum 'the inode number' -delete wont as it's not empty
    Why not pass it to rm -r as an argument?
    Code:
    find . -inum [inode-number] -exec rm -ri {} \;

  9. #9
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    2,566

    Cool Re: Help getting rid of an iffy directory please

    Quote Originally Posted by backflip View Post
    Code:
    find . -inum [inode-number] -exec rm -ri {} \;
    For the case of the 'find' action '-exec', the golden rule is: "fully specify the command to be executed".

    IOW, first execute 'which -a rm' and then choose the "correct" 'rm' to be executed.
    For example, on this system, the 'rm' located in '/bin/' is a link to the 'rm' located in '/user/bin/' -- the 'find' action '-exec' should explicitly use the 'rm' located in '/usr/bin/'.
    Code:
    find . -inum [inode-number] -exec /usr/bin/rm -ri {} \;

    I've violated my "on the seventh day one should take a rest" rule once again today . . .

  10. #10

    Default Re: Help getting rid of an iffy directory please

    Quote Originally Posted by dcurtisfra View Post
    For the case of the 'find' action '-exec', the golden rule is: "fully specify the command to be executed"
    Why is that?

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •