This content has been marked as final. Show 3 replies
A process can reset its per-process core file pattern.
Your coreadm settings, when a process does not override its per-process core file pattern produces wither two identical core files in /var/core, or the same file is written twice. Either way, it's a waste.
And if you want core files to be written only to /var/core, you need to disable per-process and per-process setid cores using coreadm.
You also need to watch the permissions on your core file directory lest a sensitive process drop a core file there that's world-readable.
In this case, the processes are not resetting the core file pattern.
The same software stack is running on multiple machines, and on all machines except one,
the user owned core files are always in the expected place.
The permissions and ownerships of processes and directories are same on all machines,
as is the coreadm.conf.
It's only on one machine that the user core files are sometimes in the working directory,
IOW, on this machine, many user core files appear in the expected place, but not all,
and I'm wondering what could be the reason.
Well, one of three things:
1. There's something different configuration-wise on that one machine. I don't recall offhand exactly when the global core file pattern gets applied during boot, but I think on Solaris 9 it's done somewhere really early in boot by an rc script. If some processes get spawned before that time, they might keep the initial default per-process pattern.
2. The users of that one machine are in fact resetting the per-process core file pattern in some way.
3. You've found a bug. One that intermittently appears on only one machine. Good luck getting that fixed as it's almost certainly going to be very difficult if not impossible for someone else to duplicate.
And there is a lot of overlap in those three possibilities.
But still, the only way to guarantee that core files are dropped only where you specify is to use the global core file pattern and disable per-process core files. And then hope someone with root access doesn't modify the setting.