Re: Do too many files hurt a directory?

From: Michael Paoli (michael1cat_at_yahoo.com)
Date: 03/29/04 

Date: 28 Mar 2004 23:20:16 -0800

Unless there's some exception I'm not aware of in UNIX:
Directories grow, but they don't shrink. So, basically, when the directory
(which is just the directory special type of file) gets crammed full of
files, the directory itself grows to keep track of all those files
(typically holding name and inode number data for each item in the
directory). When the items are removed (unlinked), the directory *does
not shrink*. So, to effectively shrink the directory, it needs to be
recreated (e.g. move problematic "stretched" directory somewhere else on
the filesystem, create a new replacement directory, move contents
from the old directory to the new directory, remove the old directory).
Note that if the problematic directory is the root directory of the
filesystem, it will generally be necessary to recreate the filesystem.

Use of cpio with the -p and -l options can be useful for doing such a
cleanup on most all directories on a filesystem (can cover everything
except the root directory of a filesystem).

This is also a reason why I generally advocate that non-root users don't
get write permission in any directory that is the root of any filesystem.

Of course if folk(s) with superuser (root) access are running about the
system mucking things up, well, ...

"Charlie Gibbs" <cgibbs@kltpzyxm.invalid> wrote in message news:<1343.581T698T5713763@kltpzyxm.invalid>...
> A process went wild at a customer site the other night, and started
> creating files with gay abandon. When the staff came in the next
> morning, the system was extremely sluggish. I dialed in and found
> that over 280,000 files had been created, all in the same directory.
> All of the files belong to root (the user kicked off the process's
> parent under the wrong ID), and most of them are empty or nearly so.
> I finally managed to delete all of the files (it took the better part
> of a day), but the system is still sluggish - even a simple ls command
> takes 10 seconds or more to respond.
>
> Is a directory somehow stretched out of shape if it has an absurdly
> high number of files created? If so, what's the best way to recover?
> Currently I have the customer creating a new directory and copying
> the contents of the old directory into it. Then she can delete the
> old directory and rename the new one. We've got our fingers crossed -
> the way the system is running it's going to take a long time - but if
> it fails, what then? Can fsck clean things up, or is it time for a
> full reformat a la Windows?

Relevant Pages

  • Re: Read-only root (/) except /et
    ... in other words, again root is compromised. ... That means that in a standard config the root filesystem cannot be made ... backup, and fewer writes means less likelihood of corruption eg if power ... Note that all my live partitions are rsync'd with identical ...
    (Debian-User)
  • Re: Read-only root (/) except /et
    ... in other words, again root is compromised. ... That means that in a standard config the root filesystem cannot be made ... backup, and fewer writes means less likelihood of corruption eg if power ... Note that all my live partitions are rsync'd with identical ...
    (Debian-User)
  • Re: UFS Bug: FreeBSD 6.1/6.2/7.0: MOKB-08-11-2006, CVE-2006-5824, MOKB-03
    ... They can simply mount a filesystem with any number of SUID ... root binaries on it and have their way with the box. ... I don't think anyone is arguing whether or not this is a bug. ...
    (FreeBSD-Security)
  • Re: Disk Druid - Fedora flame #1
    ... >Gene Heskett wrote: ... > be part of a minimal boot environment. ... >And the root filesystem should be as small as reasonably possible, ... as long as root is trusted. ...
    (Fedora)
  • Re: UFS Bug: FreeBSD 6.1/6.2/7.0: MOKB-08-11-2006, CVE-2006-5824, MOKB-03
    ... They can simply mount a filesystem with any number of SUID ... root binaries on it and have their way with the box. ... They have physical access to the machine. ...
    (FreeBSD-Security)