https://community.hpe.com/t5/operating-system-hp-ux/security-red-flag-for-root-profile/m-p/3433077#M206091 Team:<BR /><BR />The security software shows RED FLAG for root's .profile. The permission is 400 for .profile with owner as root:sys. here is the error after running the report<BR /> /.profile daemon: : GID is sys, expected daemon <BR /> /.profile hpdb:ALLBASE: GID is sys, expected other <BR />/.profile www: : GID is sys, expected other <BR /><BR />I am not sure how to correct it? Any ideas?<BR /><BR />Thanks<BR /><BR />Joe. Tue, 30 Nov 2004 10:20:52 GMT joe_91 2004-11-30T10:20:52Z https://community.hpe.com/t5/operating-system-hp-ux/security-red-flag-for-root-profile/m-p/3433077#M206091 Team:<BR /><BR />The security software shows RED FLAG for root's .profile. The permission is 400 for .profile with owner as root:sys. here is the error after running the report<BR /> /.profile daemon: : GID is sys, expected daemon <BR /> /.profile hpdb:ALLBASE: GID is sys, expected other <BR />/.profile www: : GID is sys, expected other <BR /><BR />I am not sure how to correct it? Any ideas?<BR /><BR />Thanks<BR /><BR />Joe. Tue, 30 Nov 2004 10:20:52 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-red-flag-for-root-profile/m-p/3433077#M206091 joe_91 2004-11-30T10:20:52Z https://community.hpe.com/t5/operating-system-hp-ux/security-red-flag-for-root-profile/m-p/3433078#M206092 I don't know why it is said to be related to .profile, but what is displayed is default groups for those users, and they seem not to be correct. You should correct this with this commands :<BR />usermod -g daemon daemon<BR />usermod -g other hpdb<BR />usermod -g other www<BR /><BR />This should correct the problem.<BR /><BR />Regards,<BR /><BR />Fred<BR /> Tue, 30 Nov 2004 10:30:23 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-red-flag-for-root-profile/m-p/3433078#M206092 Fred Ruffet 2004-11-30T10:30:23Z https://community.hpe.com/t5/operating-system-hp-ux/security-red-flag-for-root-profile/m-p/3433079#M206093 I am not sure how to interpret your report, but you can report on the group id using the following:<BR /># id daemon<BR /># id hpdb<BR /># id www<BR /><BR />For example:<BR /># id www<BR />uid=30(www) gid=1(other)<BR /><BR />The gid is stored in the /etc/passwd file.<BR />www:*:30:1::/:<BR /> Tue, 30 Nov 2004 10:32:15 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-red-flag-for-root-profile/m-p/3433079#M206093 Cheryl Griffin 2004-11-30T10:32:15Z https://community.hpe.com/t5/operating-system-hp-ux/security-red-flag-for-root-profile/m-p/3433080#M206094 I honestly wouldn't worry about it much.<BR /><BR />It is flagging the /.profile because the home directory for each of those users is /, thus it will use the same .profile as the root user, whose home dir is also / by default. The default for root's .profile is owner=root and group=sys, thus you're getting the GID is sys for /.profile.<BR /><BR />None of those users should be able to login and you normally don't even su to them, at least I never have, so the .profile should never even be used.<BR /><BR />I guess you could try setting up a separate home directory for each of those users /hpdb, /daemon, /www and give them their own profile with the expected permissions. I don't think that would effect anything else. It'd just be non-standard. Tue, 30 Nov 2004 10:54:15 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-red-flag-for-root-profile/m-p/3433080#M206094 Patrick Wallek 2004-11-30T10:54:15Z https://community.hpe.com/t5/operating-system-hp-ux/security-red-flag-for-root-profile/m-p/3433081#M206095 I am not able to usermod 'coz it says Cannot modify user 'hpdb': Home directory '/' is shared<BR /><BR />Joe Tue, 30 Nov 2004 11:04:13 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-red-flag-for-root-profile/m-p/3433081#M206095 joe_91 2004-11-30T11:04:13Z https://community.hpe.com/t5/operating-system-hp-ux/security-red-flag-for-root-profile/m-p/3433082#M206096 how to add the home direcory for these users? <BR /><BR />joe Tue, 30 Nov 2004 11:16:09 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-red-flag-for-root-profile/m-p/3433082#M206096 joe_91 2004-11-30T11:16:09Z https://community.hpe.com/t5/operating-system-hp-ux/security-red-flag-for-root-profile/m-p/3433083#M206097 ok super. i added /daemon as the home dir and same way for others and the red is gone. will this have any other impacts?<BR /><BR />Joe Tue, 30 Nov 2004 11:24:22 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-red-flag-for-root-profile/m-p/3433083#M206097 joe_91 2004-11-30T11:24:22Z https://community.hpe.com/t5/operating-system-hp-ux/security-red-flag-for-root-profile/m-p/3433084#M206098 I don't think it will impact anything, but I'm not 100% sure. I've never tried it. Tue, 30 Nov 2004 11:29:41 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-red-flag-for-root-profile/m-p/3433084#M206098 Patrick Wallek 2004-11-30T11:29:41Z https://community.hpe.com/t5/operating-system-hp-ux/security-red-flag-for-root-profile/m-p/3433085#M206099 On my ref system, those user are affected to / as home. It shouldn't be a problem as long as they never log in... But we never know.<BR />Better replace everything as said. If you can't use usermod, use sam, or, at least vi (oh ! what a bad advice !). If using vi, make sure to copy file before.<BR /><BR />Regards,<BR /><BR />Fred<BR /> Tue, 30 Nov 2004 11:41:21 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-red-flag-for-root-profile/m-p/3433085#M206099 Fred Ruffet 2004-11-30T11:41:21Z