topic Re: ownership of / directory in Operating System - HP-UX

ownership of / directory

Rick Garland — Fri, 19 May 2006 09:15:16 GMT

Hi all:

We have multiple HPUX 11.23 systems on RISC and on ia-64.

Doing some swverify tasks I get warnings about the / directory not owned by root:root.

They are owned by daemon:daemon.

I have checked the systems and some are daemon:daemon while others are root:root. I cannot find a pattern as to why this so. I have queried my peers and they have not made the changes. I even loaded 1 of the RISC systems and I did not change the owners.

All systems have Oracle. All but 1 of the RISC systems is MCSG member.

Any ideas?

Thanks

Re: ownership of / directory

Patrick Wallek — Fri, 19 May 2006 09:22:55 GMT

No idea Rick. It would appear to me that something or someone had to change them at some point.

I just check all of my systems (28 of them, a combo of 10.20, 11.0, 11.11 and 11.23) and all except 1 system have root:root for / ownership. The one odd-ball system has root:sys for / ownership.

root:root is the standard. I don't know that it really would make any difference since root has access to everything anyway, but it is definitely non-standard.

I would be tempted to fix those that are daemon:daemon, if the pain of going through your change management process isn't too bad.

Re: ownership of / directory

Florian Heigl (new acc) — Fri, 19 May 2006 09:25:43 GMT

From my experience those changes sometimes are actually related to swinstall'ing packages that (I guess) were created on systems with different permissions.

Switch back to root:root and monitor for a change and then check if some software was rolled out that day.

Regards,
Florian

Re: ownership of / directory

James R. Ferguson — Fri, 19 May 2006 09:31:17 GMT

Hi Rick:

I don't have any 11.23 systems to interrogate.

However, a somewhat similar anomoly appeared last month for some entities in '/usr'.

You might try searching the IPD ('/var/adm/sw/products') looking for matches where either the 'uid' or 'gid' is set to 'daemon'. This might point to something. See the thread here:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1023107

Regards!

...JRF...

Re: ownership of / directory

TwoProc — Fri, 19 May 2006 09:34:03 GMT

Just a thought -
Are one of the subdirectories off of root owned by daemon:daemon also? If so, then I'm thinking someone or some software did a "chown daemon:daemon .* " from inside the subdirectory that is also owned by daemon:daemon.

Re: ownership of / directory

Arunvijai_4 — Fri, 19 May 2006 10:25:50 GMT

Hi Rick,

Perhaps, you may take a look at HP-UX Security guide Section 5.3.5

http://sabernet.home.comcast.net/papers/hp-ux9.html

-Arun

Re: ownership of / directory

V. Nyga — Fri, 19 May 2006 10:39:01 GMT

Hi,

one added thought to John's tipp:
chmod -R .... could have done that.

Other possibility: user id of root changed to daemon?

Volkmar

Re: ownership of / directory

V. Nyga — Fri, 19 May 2006 10:40:13 GMT

Sorry

chown -R .... of course

V.

Re: ownership of / directory

Rick Garland — Fri, 19 May 2006 13:20:22 GMT

Hi all:

Thanks for the feedback and ideas.
Did some scouting and I am unable to find anything. Looked at history files, the IPD, security docos, etc.

I am going to change them back and keep an eye on.

I did find a pattern. The PRD systems still have the root:root while the DEV/TST systems have the daemon:daemon. First thought would be some patch bundle did it as the PRD systems are a cycle behind.

Will keep posted.

Thanks again!