Strange Files


Rosie Moderator
Staff member
A user has noticed strange files and folders written to the root Library directory. A Finder search will see them, if you search on "Modified" and "Today"

If you click on these, the Mac thinks they are alias files and tries to delete them or repair them. This does nothing.

The terminal does not see them at all when doing an ls -r.

Some are folders according to the Finder with names like ib.log.0.
abc.ƒ and user.root.log etc. and they have no created date and zero length. Others are considered to be files. The Finder gives them a square icon with rounded corners.

It is suspected that they are used as some kind of flag by programs. What the concern about is why the are written there and why they can not be delete!

"They are not invisible files like.DS_Store, they are not dot files. We operate with the invisible files toggled on, since as developers we need to access hidden folders line usr, tmp ,sbin etc. etc. I am familiar with Mac invisible files.

The files referred to are different. Some are files and some are folders. They are zero length and have no creation or modification date. These are being used as flags I suspect, for example to indicate if a demo program's time as run out or not.

For example:

If folder 'ib.test.0' exists then do not run program...

We test a wide array of Mac applications on a continuing basis. I have tried to reboot and they still remain. My concern is that they can not be deleted, by the Finder or the terminal and this is of concern to us.

They do not regenerate because they can not be removed. They are not related to out development. We use X-code and have verified this. We have tried to overwrite them with a file or folder of the same name, but we just get another file or folder. The Finder does not ask if we want to replace the existing one like it normally does.

I guess my concern is that some programs can write to the hard drive without permissions being set or they have managed to make the system that they have 'root' permissions.

I do not see any harm in this at the moment but it does concern me that it could be used by bad programmers to mark your system and might be considered a security problem

Please advise. I don't like programs writing to the hard drive a file a can not remove!"

Any ideas?
Have you tried using "sudo" to remove the files?

sudo rm /path/to/weird/files
and then have the user enter their root password. This should do it, if not, I don't know, since root has full permission, and can do anything...
yes.. the terminal does not see these at all. They are only seen by the Finder if you do a Modified, Yesterday etc.
Terminal should be able to see it. You just have to give it the right arguments. Try this:
ls -al /path/to/parent/dir