[anand]

Today we finally tracked down why on unclean shutdown of the tomcat JVM (mailbox server process) would cause redo.log and even some other files to be owned by root:root.

Turns out there is a bug in linux kernel circa 2.6.5 (can't find a specific bug report on it) which would cause threads created before a setuid() call to have wrong privileges. (See zimbra bug 8158 for details.)

This was showing up on our SuSE Linux Enterprise Server v9 build box. We just upgraded the SLES box and problem is fixed in the latest kernel on SLES9.

I know this has come up and forums a few times, specially with Debian. So be sure to check your kernel version - because to be security hygienic you really don't want those threads running root privileged.