You're viewing a single thread.
/var/log has been deleted, you say...
I think we all know what this means, don't we?
Hint
ls -ld /var/log drwxrwxr-x 18 root syslog 4096 Aug 11 08:13 /var/logI have no clue. Root nuked the logs? Why? OOM killer does not do that.
Well, there is only one who could have erased all traces of the SIGKILL...
And only the SIGKILLER would have had reason to do so...
Ahh ok, so it is the obvious one.
No, actually it is the boring solution. I has been a user.
Here is the follow-up comic:
That seems so obvious I think we're missing something
Whatever, we have a suspect.
Bring in GDB to do the interrogation! And perhaps also call Nice, he can play the good cop...
Forgive me my ignorance, but since Apache is running as root, couldn't PHP inherit it's permissions?
The Apache main process runs as root. When it receives a request, it spawns a child process that doesn't run as root. PHP runs as the same user as the Apache child process.
Or PHP runs in its own fastcgi like process under a different account.