Anyone have any idea why I can't remove these?
~# find /var/lib/php5/ -xdev -depth -type f -size 0 -exec ls -al {} \; -exec lsattr {} \; -exec rm -rf {} \;
-rwxrwxrwx 1 root root 0 Jan 23 05:20 /var/lib/php5/165498
-------------e-- /var/lib/php5/165498
rm: cannot remove ‘/var/lib/php5/165498’: Permission denied
-rwxrwxrwx 1 root root 0 Jan 23 05:20 /var/lib/php5/217306
-------------e-- /var/lib/php5/217306
rm: cannot remove ‘/var/lib/php5/217306’: Permission denied
-rwxrwxrwx 1 root root 0 Jan 23 05:20 /var/lib/php5/275922
-------------e-- /var/lib/php5/275922
rm: cannot remove ‘/var/lib/php5/275922’: Permission denied
-rwxrwxrwx 1 root root 0 Jan 23 05:20 /var/lib/php5/148947
-------------e-- /var/lib/php5/148947
Seems like I should be able to?
~# whoami
root
fstab output
~# cat /etc/fstab
LABEL=cloudimg-rootfs / ext4 defaults 0 0
/dev/xvdb /mnt auto defaults,nobootwait,comment=cloudconfig 0 2
namei output
~# namei -mo /var/lib/php5
f: /var/lib/php5
drwxr-xr-x root root /
drwxr-xr-x root root var
drwxr-xr-x root root lib
drwxr-xr-x root root php5
findmnt output
~# findmnt
TARGET SOURCE FSTYPE OPTIONS
/ /dev/disk/by-label/cloudimg-rootfs ext4 rw,relatime,data=ordered
├─/sys sysfs sysfs rw,nosuid,nodev,noexec,relatime
│ ├─/sys/fs/cgroup tmpfs rw,relatime,size=4k,mode=755
│ │ └─/sys/fs/cgroup/systemd systemd cgroup rw,nosuid,nodev,noexec,relatime,name=systemd
│ ├─/sys/fs/fuse/connections fusectl rw,relatime
│ ├─/sys/kernel/debug debugfs rw,relatime
│ ├─/sys/kernel/security securityfs rw,relatime
│ └─/sys/fs/pstore pstore rw,relatime
├─/proc proc proc rw,nosuid,nodev,noexec,relatime
├─/dev udev devtmpfs rw,relatime,size=1908536k,nr_inodes=477134,mode=755
│ └─/dev/pts devpts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000
├─/run tmpfs tmpfs rw,nosuid,noexec,relatime,size=383888k,mode=755
│ ├─/run/lock tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k
│ ├─/run/shm tmpfs rw,nosuid,nodev,relatime
│ └─/run/user tmpfs rw,nosuid,nodev,noexec,relatime,size=102400k,mode=755
└─/mnt /dev/xvdb ext3 rw,relatime,data=ordered
mount output
~# mount
/dev/xvda1 on / type ext4 (rw)
proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
none on /sys/fs/cgroup type tmpfs (rw)
none on /sys/fs/fuse/connections type fusectl (rw)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
udev on /dev type devtmpfs (rw,mode=0755)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
none on /run/shm type tmpfs (rw,nosuid,nodev)
none on /run/user type tmpfs (rw,noexec,nosuid,nodev,size=104857600,mode=0755)
none on /sys/fs/pstore type pstore (rw)
systemd on /sys/fs/cgroup/systemd type cgroup (rw,noexec,nosuid,nodev,none,name=systemd)
/dev/xvdb on /mnt type ext3 (rw,_netdev)
>
EDIT: In repsonse to Dan Armstrong
selinux
~# ls -al /usr/sbin/getenforce
ls: cannot access /usr/sbin/getenforce: No such file or directory
apparmor
~# /usr/sbin/apparmor_status
apparmor module is loaded.
4 profiles are loaded.
4 profiles are in enforce mode.
/sbin/dhclient
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/connman/scripts/dhclient-script
/usr/sbin/tcpdump
0 profiles are in complain mode.
1 processes have profiles defined.
1 processes are in enforce mode.
/sbin/dhclient (516)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
os version
~# cat /etc/os-release
NAME="Ubuntu"
VERSION="14.04, Trusty Tahr"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 14.04 LTS"
VERSION_ID="14.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
stop apparmor
~# /etc/init.d/apparmor stop
* Clearing AppArmor profiles cache [ OK ]
All profile caches have been cleared, but no profiles have been unloaded.
Unloading profiles will leave already running processes permanently
unconfined, which can lead to unexpected situations.
To set a process to complain mode, use the command line tool
'aa-complain'. To really tear down all profiles, run the init script
with the 'teardown' option."
retry rm
~# find /var/lib/php5/ -xdev -depth -type f -size 0 -exec ls -al {} \; -exec lsattr {} \; -exec rm -rf {} \;
-rwxrwxrwx 1 root root 0 Jan 23 05:20 /var/lib/php5/165498
-------------e-- /var/lib/php5/165498
rm: cannot remove ‘/var/lib/php5/165498’: Permission denied
Best Answer
I cannot see anything in what you posted that points to the cause. It does, however, rule out the most obvious causes.
It may be worth looking into SELinux.
Run the following to check current level of enforcement:
If it says "Enforcing", this could possibly be part of the equation. Then try temporarily disabling SELinux with:
Any difference?