Security News > 2023 > August > Findlargedir: Find all “blackhole” directories with a huge amount of filesystem entries
Findlargedir is a tool written to help quickly identify "Black hole" directories on any filesystem having more than 100k entries in a single flat structure.
Such directories cannot shrink back even if the content gets cleaned up since most Linux and Un*x filesystems do not support directory inode shrinking.
This often happens with forgotten Web sessions directory, various cache folders, POSIX filesystem emulating object storage, etc.
The program will attempt to identify any such events and report on them based on calibration, i.e. how many assumed directory entries are packed in each directory inode for each filesystem.
Findlargedir will not follow symlinks and requires r/w permissions to calibrate the directory to calculate a directory inode size to number of entries ratio and estimate a number of entries in a directory without actually counting them.
While this method approximates the actual number of entries in a directory, it is good enough to scan for offending directories quickly.