If you don't want core files at all, set "ulimit -c 0" in your startup files. That's the default on many systems; in /etc/profile you may find
ulimit -S -c 0 > /dev/null 2>&1
If you DO want core files, you need to reset that in your own .bash_profile:
ulimit -c 50000
would allow core files but limit them to 50,000 bytes.
You have more control of core files in /proc/sys/kernel/
For example, you can do eliminate the tagged on pid by
echo "0" > /proc/sys/kernel/core_uses_pidCore files will then just be named "core". People do things like that so that a user can choose to put a non-writable file named "core" in directories where they don't want to generate core dumps. That could be a directory (mkdir core) or a file (touch core;chmod 000 core). I've seen it suggested that a symlink named core would redirect the dump to wherever it pointed, but I found that didn't work.
But perhaps more interesting is that you can do:
mkdir /tmp/corefiles
chmod 777 /tmp/corefiles
echo "/tmp/corefiles/core" > /proc/sys/kernel/core_pattern
All corefiles then get tossed to /tmp/corefiles (don't change core_uses_pid if you do this).
Test this with a simple script:
# script that dumps core
kill -s SIGSEGV $$
But wait, there's more (if your kernel is new enough). From "man proc":
/proc/sys/kernel/core_pattern
This file (new in Linux 2.5) provides finer control over the
form of a core filename than the obsolete
/proc/sys/kernel/core_uses_pid file described below. The name
for a core file is controlled by defining a template in
/proc/sys/kernel/core_pattern. The template can contain %
specifiers which are substituted by the following values when
a core file is created:
%% A single % character
%p PID of dumped process
%u real UID of dumped process
%g real GID of dumped process
%s number of signal causing dump
%t time of dump (secs since 0:00h, 1 Jan 1970)
%h hostname (same as the 'nodename'
returned by uname(2))
%e executable filename
A single % at the end of the template is dropped from the core
filename, as is the combination of a % followed by any character
other than those listed above. All other characters in the
template become a literal part of the core filename. The maximum
size of the resulting core filename is 64 bytes. The default
value in this file is "core". For backward compatibility, if
/proc/sys/kernel/core_pattern does not include "%p" and
/proc/sys/kernel/core_uses_pid is non-zero, then .PID will be
appended to the core filename.
If you are running a Linux kernel that doesn't support this, you'll get no core files at all, which is also what happens if the directory in core_pattern doesn't exist or isn't writable by the user dumping core. So that's yet another way to not dump core for certain users: set core_pattern to a directory that they can't write to, and give write permission to the users who you do want to create core files.
Use this to find core files and remove them:
find . | egrep "\/core\.[0-9]+$" | xargs rm -f
This works well as it finds only core files.
Hiç yorum yok:
Yorum Gönder