  1. #1
    Just Joined!
    Join Date
    Jan 2013
    Posts
    10

    Cannot rm or chown /var/log/snort as root


    I am using Ubuntu 11.10 Gnome.

    I uninstalled snort in order to install a more recent version. The new installation initially failed because the system would not let me rm or modify /var/log/snort even as root.

    Code:
    sudo chattr -i /var/log/snort/*
    enabled me to remove the contents of /var/log/snort although the i attribute did not appear to have been set.

    However
    Code:
    sudo chattr -i /var/log/snort
    did not allow me to remove /var/log/snort itself although only the e attribute was set.

    I was able to change ownership of /var/log/snort so now I get

    Code:
    ls -ld /var/log/snort
    drwxrws--- 2 root adm 4096 2013-05-20 23:22 /var/log/snort
    rmdir /var/log/snort
    rmdir: failed to remove `/var/log/snort': Permission denied
    $ sudo rmdir /var/log/snort
    rmdir: failed to remove `/var/log/snort': Operation not permitted
    Also

    Code:
    sudo rm -rf /var/log/snort
    resulted in

    Code:
    rm: cannot remove `/var/log/snort': Operation not permitted
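
Added example, not part of the original thread: on ext2/3/4 the kernel refuses rmdir with "Operation not permitted", even for root, when the immutable (i) or append-only (a) attribute is set on the directory itself or on its parent, so this sketch reads `lsattr -d` for both /var/log/snort and /var/log rather than only the directory and its contents. The function names `blocking_flags` and `check_undeletable` are hypothetical, and the sample lsattr lines in the comments are constructed.

```shell
#!/bin/sh
# Added example: find attribute flags that make rmdir fail with EPERM.
# Constructed sample `lsattr -d` lines (not taken from the thread):
#   ----i--------e-- /var/log          -> parent immutable, rmdir refused
#   -------------e-- /var/log/snort    -> only "e" (extents), harmless

# blocking_flags LSATTR_LINE
# Prints the flags in one lsattr output line that block unlink/rmdir:
# "i" (immutable) and/or "a" (append-only), or "none".
# The match is case-sensitive: "I" (indexed dir) and "A" (no atime) are harmless.
blocking_flags() {
    flags=${1%% *}                 # first field, e.g. "----i--------e--"
    out=""
    case $flags in *i*) out="${out}i" ;; esac
    case $flags in *a*) out="${out}a" ;; esac
    echo "${out:-none}"
}

# check_undeletable DIR
# Inspects DIR and its parent directory. Returns 0 if a blocking flag
# was found on either one, 1 otherwise.
check_undeletable() {
    target=$1
    parent=$(dirname -- "$target")
    found=1
    for p in "$target" "$parent"; do
        line=$(lsattr -d -- "$p" 2>/dev/null)
        if [ -z "$line" ]; then
            echo "$p: lsattr gave no output (missing path or unsupported filesystem)"
            continue
        fi
        b=$(blocking_flags "$line")
        if [ "$b" != none ]; then
            echo "$p: flag(s) '$b' set; clear with: sudo chattr -$b $p"
            found=0
        else
            echo "$p: no immutable/append-only flag"
        fi
    done
    return $found
}

# Run against a path given on the command line, e.g. /var/log/snort
if [ $# -gt 0 ]; then
    check_undeletable "$1"
fi
```

If neither path carries a blocking flag, the attribute mechanism is ruled out and the cause lies elsewhere.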

  2. #2
    Linux Enthusiast
    Join Date
    Jan 2005
    Location
    Saint Paul, MN
    Posts
    649
    First of all, chattr, is used to change "file system" (think formatting) and not files. To change access permissions on a file the command, "chmod", is used (for information on this use the command "man chmod"). Since, /var/log/snort, is a log file for "snort", it was created owned by the user that was used by snort (which may have been removed by the un-installing process). In that case you may need to change the "ownership" of the file (see the command "chown").

    Also if you did not stop the snort daemon, it may still have its access opened preventing it from being deleted until it is not in use.

  3. #3
    Linux Newbie
    Join Date
    Sep 2007
    Posts
    218
    For future reference, when uninstalling a pkg use 'completely remove' in synaptic or 'purge' with apt-get to remove the config files of the app you're uninstalling.

  4. #4
    Just Joined!
    Join Date
    Jan 2013
    Posts
    10
    Quote Originally Posted by alf55 View Post
    First of all, chattr, is used to change "file system" (think formatting) and not files. To change access permissions on a file the command, "chmod", is used (for information on this use the command "man chmod"). Since, /var/log/snort, is a log file for "snort", it was created owned by the user that was used by snort (which may have been removed by the un-installing process). In that case you may need to change the "ownership" of the file (see the command "chown").
    Thank you for your reply. The mode appears to give all permissions to the user. But I still cannot remove the directory.

    Code:
    peter-Inspiron-620:/var/log$ ls -ld /var/log/snort
    drwxrws--- 2 root adm 4096 2013-05-20 23:22 /var/log/snort
    peter-Inspiron-620:/var/log$ sudo rmdir /var/log/snort
    [sudo] password for peter: 
    rmdir: failed to remove `/var/log/snort': Operation not permitted
    peter-Inspiron-620:/var/log$ sudo rm -rf /var/log/snort
    rm: cannot remove `/var/log/snort': Operation not permitted
    peter-Inspiron-620:/var/log$ sudo chown peter /var/log/snort
    peter-Inspiron-620:/var/log$ ls -ld /var/log/snort
    drwxrws--- 2 peter adm 4096 2013-05-20 23:22 /var/log/snort
    peter-Inspiron-620:/var/log$ rmdir /var/log/snort
    rmdir: failed to remove `/var/log/snort': Permission denied
    peter-Inspiron-620:/var/log$ rm -rf /var/log/snort
    rm: cannot remove `/var/log/snort': Permission denied
    peter-Inspiron-620:/var/log$
    Also if you did not stop the snort daemon, it may still have its access opened preventing it from being deleted until it is not in use.
    I checked and there is no instance of a snort daemon running.

    Code:
    peter-Inspiron-620:/var/log$ ps -aux | grep snort
    Warning: bad ps syntax, perhaps a bogus '-'? 
    peter    22774  0.0  0.0   4212   764 pts/0    S+   22:12   0:00 grep --color=auto snort
    peter-Inspiron-620:/var/log$
    Also, I have the same problem when I try to delete the directory by rebooting into restore mode and using the root shell.

    Thanks,
    Peter.
    Last edited by OtagoHarbour; 05-24-2013 at 02:28 AM.

  5. #5
    Just Joined!
    Join Date
    Jan 2013
    Posts
    10
    Quote Originally Posted by fanderal View Post
    For future reference, when uninstalling a pkg use 'completely remove' in synaptic or 'purge' with apt-get to remove the config files of the app you're uninstalling.
    Maybe it's too late for me to use purge but I tried it with the following result.

    Code:
    peter-Inspiron-620:/var/log$ sudo apt-get purge snort snort-common
    Reading package lists... Done
    Building dependency tree       
    Reading state information... Done
    Package snort-common is not installed, so not removed
    The following packages were automatically installed and are no longer required:
      snort-rules-default oinkmaster libprelude2 snort-common-libraries
    Use 'apt-get autoremove' to remove them.
    The following packages will be REMOVED:
      snort*
    0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
    After this operation, 0 B of additional disk space will be used.
    Do you want to continue [Y/n]? Y
    (Reading database ... 402334 files and directories currently installed.)
    Removing snort ...
    Purging configuration files for snort ...
    rm: cannot remove `/var/log/snort': Operation not permitted
    dpkg: error processing snort (--purge):
     subprocess installed post-removal script returned error exit status 1
    No apport report written because MaxReports is reached already
    Errors were encountered while processing:
     snort
    E: Sub-process /usr/bin/dpkg returned an error code (1)
    peter-Inspiron-620:/var/log$
    Thanks,
    Peter.

  6. #6
    Just Joined!
    Join Date
    Feb 2013
    Posts
    2
    You can look for the current instances for the directory with lsof +d /var/log/snort, or there might be another process accessing the same file /var/log/snort,
    due to which you are unable to remove the files.

  7. #7
    Just Joined!
    Join Date
    Apr 2013
    Posts
    69
    Quote Originally Posted by OtagoHarbour View Post
    I am using Ubuntu 11.10 Gnome.

    I uninstalled snort in order to install a more recent version. The new installation initially failed because the system would not let me rm or modify /var/log/snort even as root.

    ...
    Leave the directory unchanged, and try to re-run the installation process. As you said, you're trying to remove a directory that will be re-created by the installation. All that will happen if the installation is successful is that the directory will contain unused files in it. If you really worry about unused files in the directory, then uninstall the newer version of snort, it will probably remove the whole directory, then re-run the installation.
