I've recently been getting alerts from our server monitoring software about greater than 90% disk I/O utilisation.
I installed iotop and there are three instances of the following process showing up with very high IO:
% getfacl -R --absolute-names /var/www
Does this indicate a problem?
I would say that is not normal/expected behaviour. Is somebody running a script to find certain types of files that might be regarded as dangerous? e.g. setuid springs to mind. Who is the user who owns the getfacl process? Maybe somebody is trying to back up the ACLs.
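One way to answer the ownership question raised in the reply above, as an added example that is not part of the original posts: it reads Linux `/proc` to list each `getfacl` process with its uid and walks the parent chain up to pid 1, showing what launched it. The `PROC_ROOT` variable and the function names are assumptions of this example.

```sh
#!/bin/sh
# Added example: trace each getfacl process to its owner and parent chain.
# PROC_ROOT is an assumption of this example so the logic can be pointed at
# a constructed tree; it defaults to the live /proc of a Linux host.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print the first value of a field in /proc/<pid>/status (PPid, or Uid = real uid).
status_field() {  # $1 = pid, $2 = field name
    awk -v f="$2:" '$1 == f { print $2; exit }' "$PROC_ROOT/$1/status" 2>/dev/null
}

# Print pid, uid and command line for a process and each ancestor up to pid 1.
trace_ancestry() {  # $1 = pid
    local pid uid cmd
    pid="$1"
    while [ -n "$pid" ] && [ "$pid" -gt 0 ] && [ -r "$PROC_ROOT/$pid/status" ]; do
        uid=$(status_field "$pid" Uid)
        # cmdline is NUL-separated; it is empty for kernel threads.
        cmd=$(tr '\0' ' ' 2>/dev/null < "$PROC_ROOT/$pid/cmdline")
        [ -n "$cmd" ] || cmd="[$(cat "$PROC_ROOT/$pid/comm" 2>/dev/null)]"
        printf 'pid=%s uid=%s cmd=%s\n' "$pid" "$uid" "${cmd% }"
        pid=$(status_field "$pid" PPid)
    done
}

# List the pids whose command name is exactly "getfacl".
find_getfacl() {
    local d
    for d in "$PROC_ROOT"/[0-9]*; do
        [ "$(cat "$d/comm" 2>/dev/null)" = "getfacl" ] && basename "$d"
    done
    return 0
}

# One block per getfacl process: first line is the process, last is init.
report() {
    local pid
    for pid in $(find_getfacl); do
        echo "== getfacl pid $pid =="
        trace_ancestry "$pid"
    done
}

report
```

A parent such as cron or a backup script points to a scheduled job rather than an interactive user; the numeric uid can be resolved with `getent passwd <uid>`.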