You are not logged in.

Pages: 1

#1 2017-02-20 12:33:27

Samuel from beteigeuze
Member
From: Bavaria/Germany
Registered: 2009-06-06
Posts: 29

Weird file in root directory

Hi,

on my laptop I get a very weird file after rebooting in the / directory. It appears after booting and has a size of 0 bytes. Its name seems to be composed of non-printable characters, at least there seem to be some hex-encoded characters in it. It looks like this:

root@ares ~ # ls -lisa /,['$'\221''}]'$'\214\265''e'$'\211''3'$'\266\274\022''^
496807       1 -rw-------   1 root root          0 Feb 20 12:35 ',['$'\221''}]'$'\214\265''e'$'\211''3'$'\266\274\022''^'

If I delete the file it re-appears after the next reboot.
I use ZFS on LUKS on two SSDs, so I have an extra initcpio-hook called "encrypt2", wchich is an exact copy of encrypt in order to decrypt the second SSD container before mounting anyhing. Diff shows no difference between these two hook files. I don't think this hook generates the file but that is the only change I have made myself in the early boot process. My bootloader is systemd-bootloader (with bootctl).

Additionally, I have a KDE/Plasma desktop and the standard Arch kernel from the repos.

I'd be grateful for any hints on how to trace the origin of this file (i.e. which process generates it) and how to trace that. I don't know if this is the correct subforum, feel free to show me the correct one if applicable.

Thnaks a lot!

There are 10 types of people: those who understand binary and those who don't.

Offline

#2 2017-02-20 12:55:09

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,523
Website

Re: Weird file in root directory

That looks very much like part of a custom prompt or PS1.  I'd suspect there is an equivalent of `touch $PS1` or `some command > $PS1` somewhere in one of your configs or services.

"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#3 2017-02-20 14:02:52

Samuel from beteigeuze
Member
From: Bavaria/Germany
Registered: 2009-06-06
Posts: 29

Re: Weird file in root directory

Hmm, I grepped over my system but did not find anything into that direction. I looked for '$PS1' and for '${PS1}' - are there any possible variable expansions that I might have missed?

root@ares ~ # grep --exclude-dir="\.mozilla" --exclude-dir=proc --exclude-dir=sys -nrI '$PS1' /
/opt/pypy3/lib-python/3/venv/scripts/posix/activate:56:    _OLD_VIRTUAL_PS1="$PS1"
/opt/pypy3/lib-python/3/venv/scripts/posix/activate:58: PS1="__VENV_NAME__$PS1"
/opt/pypy3/lib-python/3/venv/scripts/posix/activate:63:        PS1="[`basename \`dirname \"$VIRTUAL_ENV\"\``] $PS1"
/opt/pypy3/lib-python/3/venv/scripts/posix/activate:65:        PS1="(`basename \"$VIRTUAL_ENV\"`)$PS1"
/root/.histfile:1147:: 1487597932:0;grep --exclude-dir="\.mozilla" --exclude-dir=proc --exclude-dir=sys -nrI '$PS1' /
/etc/profile:19:if test "$PS1" && test "$BASH" && test -z ${POSIXLY_CORRECT+x} && test -r /etc/bash.bashrc; then
grep: /run/user/1000/gvfs: Permission denied
/usr/share/git/git-prompt.sh:21:#        you would put in $PS1 before and after the status string
/usr/share/git/completion/git-prompt.sh:21:#        you would put in $PS1 before and after the status string
/usr/share/zsh/functions/Prompts/promptinit:51:  local +h PS1=$PS1 PS2=$PS2 PS3=$PS3 PS4=$PS4 RPS1=$RPS1
/usr/share/zsh/functions/Prompts/promptinit:88: local +h PS1=$PS1 PS2=$PS2 PS3=$PS3 PS4=$PS4 RPS1=$RPS1
/usr/share/zsh/functions/Prompts/promptinit:185:  local +h PS1=$PS1 PS2=$PS2 PS3=$PS3 PS4=$PS4 RPS1=$RPS1
/usr/share/zsh/functions/Misc/promptnl:76:: PS1="%{${(pl:COLUMNS+1:: ::\r:)}%}$PS1"
/usr/share/zsh/functions/Misc/promptnl:87:: PS1="%{%S<EOL>%s${(pl:COLUMNS-4:: ::\r:)}%}$PS1"
/usr/share/zsh/functions/Misc/promptnl:95:PS1="%{%S#%s${(pl:COLUMNS:: ::\r:)}%}$PS1"
/usr/share/texmf-dist/scripts/context/stubs/setup/setuptex:150: if [ "x$PS1" != "x" ] ; then
/usr/share/bash-completion/completions/ovs-vsctl-bashcomp.bash:422:    myPS1="$(sed 's/Begin prompt/\\Begin prompt/; s/End prompt/\\End prompt/' <<< "$PS1")"
/usr/share/bash-completion/completions/ovs-appctl-bashcomp.bash:229:    myPS1="$(sed 's/Begin prompt/\\Begin prompt/; s/End prompt/\\End prompt/' <<< "$PS1")"
/usr/share/doc/bash/bashref.html:7180:before the printing of each primary prompt (<code>$PS1</code>).
/usr/share/doc/bash/bashref.html:7797:<pre class="example">if [ -z &quot;$PS1&quot; ]; then
/usr/share/doc/bash/bashref.html:7829:before printing the primary prompt, <code>$PS1</code>
/usr/share/doc/bash/bashref.html:7889:printing <code>$PS1</code> (see <a href="#Bash-Variables">Bash Variables</a>).
/usr/share/doc/bash/bashref.html:13187:in the <code>$PS1</code>, <code>$PS2</code>, <code>$PS3</code>, and <code>$PS4</code> prompt
/usr/share/doc/bash/FAQ:1519:to $PS1.  You may also have to add quotes to avoid unwanted
/usr/lib/python3.6/venv/scripts/posix/activate:56:    _OLD_VIRTUAL_PS1="$PS1"
/usr/lib/python3.6/venv/scripts/posix/activate:58:      PS1="__VENV_PROMPT__$PS1"
/usr/lib/python3.6/venv/scripts/posix/activate:63:        PS1="[`basename \`dirname \"$VIRTUAL_ENV\"\``] $PS1"
/usr/lib/python3.6/venv/scripts/posix/activate:65:        PS1="(`basename \"$VIRTUAL_ENV\"`)$PS1"
/home/samuel/abs/nuvola-app-amazon-cloud-player/src/nuvola-app-amazon-cloud-player-5.3/ve/bin/activate:57:    _OLD_VIRTUAL_PS1="$PS1"
/home/samuel/abs/nuvola-app-amazon-cloud-player/src/nuvola-app-amazon-cloud-player-5.3/ve/bin/activate:59:        PS1="$PS1"
/home/samuel/abs/nuvola-app-amazon-cloud-player/src/nuvola-app-amazon-cloud-player-5.3/ve/bin/activate:61:        PS1="(`basename \"$VIRTUAL_ENV\"`) $PS1"
/home/samuel/abs/nuvolaplayer/src/nuvolaplayer-3.0.1/set_up_env.sh:12:[[ "$PS1" = "$prompt_prefix"* ]] || export PS1="$prompt_prefix $PS1"
/home/samuel/abs/nuvolaplayer/src/nuvolaplayer-3.0.4/set_up_env.sh:12:[[ "$PS1" = "$prompt_prefix"* ]] || export PS1="$prompt_prefix $PS1"
root@ares ~ # grep --exclude-dir="\.mozilla" --exclude-dir="\.thunderbird" --exclude-dir=proc --exclude-dir=sys -nrI '${PS1}' /                                                                                                         :(
/root/.histfile:1148:: 1487598466:0;grep --exclude-dir="\.mozilla" --exclude-dir="\.thunderbird" --exclude-dir=proc --exclude-dir=sys -nrI '${PS1}' /
grep: /run/user/1000/gvfs: Permission denied
/usr/share/vim/vim80/pack/dist/opt/shellmenu/plugin/shellmenu.vim:60:imenu Environ.PS1 ${PS1}
/usr/share/zsh/functions/Prompts/promptinit:196:  print -P "${PS1}command arg1 arg2 ... argn"

There are 10 types of people: those who understand binary and those who don't.

Offline

#4 2017-02-21 02:23:55

HiImTye
Member
From: Halifax, NS, Canada
Registered: 2012-05-09
Posts: 1,072

Re: Weird file in root directory

it's owned by root, so it must be part of some script that is running as a service, or in root's contab

Offline

Pages: 1

Board footer

Powered by FluxBB