https://community.hpe.com/t5/operating-system-hp-ux/security-question/m-p/2753668#M70841 Permissions are open for read only on both<BR />passwd and group files.<BR /><BR />When running a password check if anything is <BR />wrong in the file could that cause this error<BR />to appear?? Thu, 27 Jun 2002 16:13:52 GMT james gould 2002-06-27T16:13:52Z https://community.hpe.com/t5/operating-system-hp-ux/security-question/m-p/2753665#M70838 When doing a whoami command as a regular user<BR />the following message appears :<BR />Intruder alert<BR /><BR />Does not happen when running the same command<BR />as root.<BR /><BR />O/S is 11.00 Thu, 27 Jun 2002 15:44:08 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-question/m-p/2753665#M70838 james gould 2002-06-27T15:44:08Z https://community.hpe.com/t5/operating-system-hp-ux/security-question/m-p/2753666#M70839 whoami reads the /etc/passwd file for info. check the permissions and if it is not readable for users then you would get this message. Does not happen for root 'coz root will have the permissions on it. Thu, 27 Jun 2002 16:04:47 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-question/m-p/2753666#M70839 Giri Sekar. 2002-06-27T16:04:47Z https://community.hpe.com/t5/operating-system-hp-ux/security-question/m-p/2753667#M70840 Hi James:<BR /><BR />Make sure /etc/passwd is readable by everyone:<BR /><BR />-r--r--r--<BR /><BR />Regards!<BR /><BR />...JRF... Thu, 27 Jun 2002 16:05:56 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-question/m-p/2753667#M70840 James R. Ferguson 2002-06-27T16:05:56Z https://community.hpe.com/t5/operating-system-hp-ux/security-question/m-p/2753668#M70841 Permissions are open for read only on both<BR />passwd and group files.<BR /><BR />When running a password check if anything is <BR />wrong in the file could that cause this error<BR />to appear?? Thu, 27 Jun 2002 16:13:52 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-question/m-p/2753668#M70841 james gould 2002-06-27T16:13:52Z https://community.hpe.com/t5/operating-system-hp-ux/security-question/m-p/2753669#M70842 the permissions of /etc/passwd fuile are r-- --- --- change it to r-- r-- r-- and you are good to go.<BR /><BR /><BR />Manoj Srivastava Thu, 27 Jun 2002 16:15:37 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-question/m-p/2753669#M70842 MANOJ SRIVASTAVA 2002-06-27T16:15:37Z https://community.hpe.com/t5/operating-system-hp-ux/security-question/m-p/2753670#M70843 The decision would be yours. If you make the /etc/passwd file as 444 then you will not get this error. But you may have turned it off for security. Thu, 27 Jun 2002 16:17:16 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-question/m-p/2753670#M70843 Giri Sekar. 2002-06-27T16:17:16Z https://community.hpe.com/t5/operating-system-hp-ux/security-question/m-p/2753671#M70844 Also James<BR /> check whether there are two or more user having the same user id this wil also cause whoami to give intruder alert.<BR /><BR /><BR />Manoj Srivastava Thu, 27 Jun 2002 16:18:41 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-question/m-p/2753671#M70844 MANOJ SRIVASTAVA 2002-06-27T16:18:41Z https://community.hpe.com/t5/operating-system-hp-ux/security-question/m-p/2753672#M70845 Hi (again) James:<BR /><BR />Make sure the permissions of '/etc' (and '/') allow read and execute to everyone, too. Do:<BR /><BR /># ls -ld /<BR /># ls -ld /etc<BR /><BR />Regards!<BR /><BR />..JRF... Thu, 27 Jun 2002 16:22:36 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-question/m-p/2753672#M70845 James R. Ferguson 2002-06-27T16:22:36Z https://community.hpe.com/t5/operating-system-hp-ux/security-question/m-p/2753673#M70846 I have permissions -rw-r--r-- on most of my servers. If you set these permissions make sure that the owner is root and the group is root.<BR /><BR />Good luck Thu, 27 Jun 2002 16:30:54 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-question/m-p/2753673#M70846 Rob Fisher 2002-06-27T16:30:54Z https://community.hpe.com/t5/operating-system-hp-ux/security-question/m-p/2753674#M70847 Hi James:<BR /><BR />Did you get a chance to look into your profile??? 3/125(points alloted). If you feel all the above answers are dumb then put N/A. <BR /><BR />Thanks<BR />Brian. Thu, 27 Jun 2002 16:49:32 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-question/m-p/2753674#M70847 brian_31 2002-06-27T16:49:32Z https://community.hpe.com/t5/operating-system-hp-ux/security-question/m-p/2753675#M70848 All permissions are ok <BR /><BR />Will try restoring passwd file from backup and<BR />see if that does the trick Thu, 27 Jun 2002 16:49:56 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-question/m-p/2753675#M70848 james gould 2002-06-27T16:49:56Z https://community.hpe.com/t5/operating-system-hp-ux/security-question/m-p/2753676#M70849 According to what I read online (Google search) this message has nothing to do with file permissions. <BR /><BR /><QUOTE>If the current user ID is not in the password file, the message Intruder alert is displayed.</QUOTE><BR /><BR />I'm not sure under what circumstances you could end up with a UID that is not in the password file, but that appears to be the case here.<BR /> Fri, 28 Jun 2002 18:49:33 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-question/m-p/2753676#M70849 Jerry Anderson_1 2002-06-28T18:49:33Z https://community.hpe.com/t5/operating-system-hp-ux/security-question/m-p/2753677#M70850 Restored a backup of the passwd file and it <BR />fixed the problem. Seems that another admin<BR />modifed a user password so they could not login<BR />and deleted the UID by mistake. Fri, 28 Jun 2002 18:55:07 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-question/m-p/2753677#M70850 james gould 2002-06-28T18:55:07Z