The officially official Devuan Forum!

You are not logged in.

#1 2018-10-12 21:46:15

Altoid
Member
Registered: 2017-05-07
Posts: 102  

[Solved] Huge .xsession-errors file

Hello:

Some time ago I took notice that my /home folder usage had grown to over 75%.
It seemed too much but then I realised that I had not done any cleaning in my /home/Downloads folder, so I did a thorough cleaning and sent what I (suppose) will/may need to another drive.

My cleaning got me to around 53% but it still seemed too much as the whole /home partition is 45Gb.

I went looking for a disk usage app and remembered Baobab from my days playing with Mint but saw that the beast wants to drag in all its relatives and friends into my rig so I skipped that one.

Then I remembered du, which I ran as root so it would look everywhere:

[root@devuan groucho]# du -a /home | sort -n -r | head -n 100
24834420	/home
24834400	/home/groucho
16401024	/home/groucho/.xsession-errors
6549156	/home/groucho/VirtualBox VMs
6549152	/home/groucho/VirtualBox VMs/groucho xp
6548676	/home/groucho/VirtualBox VMs/groucho xp/groucho xp-disk1.vmdk
842040	/home/groucho/vmshared
482676	/home/groucho/.wine
480524	/home/groucho/.wine/drive_c
439036	/home/groucho/.wine/drive_c/PMAIL
[root@devuan groucho]# 

And this is when I came upon the 16.4Gb .xsession-errors file.

So I got emptied it completely, no way I could open it with Log Viewer to see what was up.

groucho@devuan:~$ >~/.xsession-errors
groucho@devuan:~$ 

Now my /home folder just takes up 18%.

But I wonder: shouldn't this be getting rotated, zipped and eventually deleted past a certain time?

Thanks in advance.

A.

Last edited by Altoid (2018-10-13 16:21:08)

Offline

#2 2018-10-12 22:07:02

golinux
Administrator
Registered: 2016-11-25
Posts: 1,249  

Re: [Solved] Huge .xsession-errors file

I have had .xsession-errors files much larger than that because I forget to check.  My home  stuffed with ~250 GB so that file isn't a noticeable blip.  It is possible to open those logs.  Just change the encoding.

Offline

#3 2018-10-12 22:58:19

Altoid
Member
Registered: 2017-05-07
Posts: 102  

Re: [Solved] Huge .xsession-errors file

Hello:

golinux wrote:

... .xsession-errors files much larger ...
... stuffed with ~250 GB so that file isn't a noticeable blip.

Indeed.  =-)

golinux wrote:

It is possible to open those logs.  Just change the encoding.

Don't know how to do that, it is a problem when I wanted to open some (not all) log files with mousepad.
But I can read them with the Log Viewer.

I have had problems opening up huge files (very slow) even though my rig holds 8Gb. RAM.

WRT the .xsession-errors file, I found a solution to keep it in check here:

http://www.daniloaz.com/en/how-to-preve … huge-size/

It sets up a line in crontab to check every 15 minutes if the file size is greater than 5 GB and if so either empty it or keep the last 10,000 lines.
I set it for every 30 minutes and 1000 lines.

Once I emptied the .xsession-errors file, I found that it was getting a Gtx error every so often about not being able to load the ATK bridge, which I fixed by installing libatk-adaptor.
Found that solution here: https://dev1galaxy.org/viewtopic.php?id=1815 -->  =-)

But what really eats up room in the .xsession-errors file is this line, constantly written up:

du: cannot read directory '/var/log/lost+found': Permission denied
du: cannot read directory '/var/log/lost+found': Permission denied
du: cannot read directory '/var/log/lost+found': Permission denied
--- snip ---

But I know where it comes from:

groucho@devuan:~$ conky
conky: desktop window (1600003) is subwindow of root window (728)
conky: drawing to desktop window
conky: No compatible double buffer extension found
conky: drawing to single buffer
du: cannot read directory '/var/log/lost+found': Permission denied
du: cannot read directory '/var/log/lost+found': Permission denied
du: cannot read directory '/var/log/lost+found': Permission denied
du: cannot read directory '/var/log/lost+found': Permission denied
du: cannot read directory '/var/log/lost+found': Permission denied
du: cannot read directory '/var/log/lost+found': Permission denied
--- snip ---

My conky.conf file is set up so I can see the evolution of my disk usage (/, /home and /var/log), and /var/log usage is checked with this line ...

/var/log ${exec du -sch /var/log | head -n1 | awk '{print $1}'}
${fs_bar /var/log}

... so every time that conky takes a reading, it generates an error message that gets logged in the .xsession-errors file.
No wonder it was huge, conky reads every 2s.   

So the question would be:

How can I get conky to be able to read lost+found?
This would need admin credentials for conky, which does not sound healthy.
And conky is not really a user, so I don't think it could be added to sudoers.

Maybe get the Xserver to not log this specific error?

Any ideas?

Thanks in advance.

A.

Last edited by Altoid (2018-10-12 22:59:13)

Offline

#4 2018-10-13 01:53:52

fsmithred
Administrator
Registered: 2016-11-25
Posts: 873  

Re: [Solved] Huge .xsession-errors file

Conky runs as your user, so give your user sudo nopasswd for du and change the command in conkyrc to

exec sudo du -sch /var/log

Make a file in /etc/sudoers.d/ with the following.

groucho ALL= NOPASSWD: /usr/bin/du

Offline

#5 2018-10-13 15:13:18

Altoid
Member
Registered: 2017-05-07
Posts: 102  

Re: [Solved] Huge .xsession-errors file

Hello:

fsmithred wrote:

Conky runs as your user ...

I see ...

fsmithred wrote:

... so give your user sudo nopasswd for du ...

OK

fsmithred wrote:

... and change the command in conkyrc to

exec sudo du -sch /var/log

Make a file in /etc/sudoers.d/ with the following.

groucho ALL= NOPASSWD: /usr/bin/du

Fortunately I recently learned (here) how to properly generate a sudoers file.
Done.

Just to check:

groucho@devuan:~$ conky
conky: desktop window (1800003) is subwindow of root window (728)
conky: drawing to desktop window
conky: No compatible double buffer extension found
conky: drawing to single buffer

Now my .xsession-errors file will not get filled up with 18Gb of '/var/log/lost+found': Permission denied errors.

Edit:
This solution, neat and efficient, has nevertheless spawned another log overpopulation problem:

Every time

exec sudo du -sch /var/log

is run (every 2s), three lines get written to auth.log.   
This makes absolutely perfect sense as it's exactly what auth.log is for but it also means that auth.log will grow three times fraster than .xsession-errors grew. (!)

Oct 13 12:17:49 devuan sudo:  groucho : TTY=unknown ; PWD=/home/groucho ; USER=root ; COMMAND=/usr/bin/du -sch /var/log
Oct 13 12:17:49 devuan sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Oct 13 12:17:49 devuan sudo: pam_unix(sudo:session): session closed for user root
--- snip ---

I think I may have seen a fix for this but I'll have to look and get back.

In the meanwhile, do you have any ideas as to how to cope with this?
I will temporarily go back to where I was before the fix to conky to keep log growth at bay.

Thanks in advance.

Best,

A.

Last edited by Altoid (2018-10-13 15:26:45)

Offline

#6 2018-10-13 15:55:57

chris2be8
Member
Registered: 2018-08-11
Posts: 29  

Re: [Solved] Huge .xsession-errors file

Running chmod 755 /var/log/lost+found as root will allow all users to read /var/log/lost+found but not put anything in it. lost+found is where fsck puts files it has recovered from a damaged filesystem so there is usually nothing in there. I would not worry about allowing read access to it unless I have sensitive data on the system that not all users should be able to read.

Chris

Offline

#7 2018-10-13 16:13:20

Altoid
Member
Registered: 2017-05-07
Posts: 102  

Re: [Solved] Huge .xsession-errors file

Hello:

chris2be8 wrote:

Running chmod 755 /var/log/lost+found as root will allow all users to read /var/log/lost+found but not put anything in it.

Ahh ...
Interesting.

I thought it was a system file and as such belonged to root and root only.
Good to know.

Doing chmod 755 /var/log/lost+found would allow conky to read it without needing admin credentials ie: being included in a sudoers file.
And as such, it won't get logged in auth.log.
Neat.

chris2be8 wrote:

... lost+found is where fsck puts files it has recovered from a damaged filesystem so there is usually nothing in there.
... not worry about allowing read access to it unless I have sensitive data on the system that not all users should be able to read.

Nothing there that I should worry about.

I think it may also be worthwhile for the system to generate a separate /var/log/sudo.log file (editing /etc/sudoers).

Thanks you both (chris2be8 + fsmithred) for your input - learned new things today.

Best,

A.

Last edited by Altoid (2018-10-13 16:22:14)

Offline

Board footer