The Chalkboard


Rebuilding the /dev/null file

Last Updated: [2024-03-30 Sat 01:00]

Sarcastic Title: “/dev/null is already 98% full”

Introduction

I logged into a box the other day and was greeted with a rather odd error message: -bash: /dev/null: Permission denied

This struck me as a bit odd, as /dev/null is a device file which should be accessible by all. So, I popped open DF-SHOW (shameless self-plug) at the /dev directory, and had a look at the null file.

Looking at the file in DF-SHOW, I could see that the null file has been somehow replaced with an actual file rather than a character special file (represented by a - in the first character, rather than a c, of the Attrs column (this would be the first column in the output of ls -l as well), the other giveaway is that the size of the file is reported rather than a driver denoted by a major and minor number. (In the case of /dev/null this should be 1, 3)

The Fix

To fix this, we need to recreate the null file. For this, we’ll first need to remove the bad file and use the mknod command, which is used to create block or character special files, to recreate null and using chmod to give it the correct permissions.

The caveat here is that between removing the old file, and creating the new one, if any application tries to write to the null file, it will be recreated as a regular file. To get around this, we'll be creating a new null with a different name, and forcefully moving it to the correct location.

Finally, if the system we're using has SELinux, we need to give the new null the correct security context (even though we might have disabled SELinux on that particular box, it’s just good practice when dealing with Red Hat based systems like CentOS) for this we’ll be using the chcon command:

sudo mknod /dev/null-new c 1 3
sudo chmod 666 /dev/null-new
sudo mv -f /dev/null-new /dev/null
sudo chcon system_u:object_r:null_device_t:s0 /dev/null

If all goes to plan, the /dev/null device should be working correctly.


DISCLAIMER: The information provided on this website is generated from my own notes and is provided "as is" and without warranties. Robert Ian Hawdon can not be held responsible for damages caused by following a guide published on this site. This website contains links to other third-party websites. Such links are provided as convienice of the reader. I do not endorce the contents of these third party sites.