topic Re: No group/ no user ownership in Operating System - HP-UX

No group/ no user ownership

Rich Sanders — Fri, 17 Oct 2003 12:28:33 GMT

I am concerned about some files that have no group or user ownership applied. In my auditor eyes, these are risky because:

1. They can be written to by anyone (open door for malicious code)

2. If they are critical files, some ownership should be established for accountability sake.

Anything else? Plese help!

Re: No group/ no user ownership

RAC_1 — Fri, 17 Oct 2003 12:42:29 GMT

Find out sych files.

find . -type f \( -nouser -o -nogroup \) -exec ll {} \;

Check what are those files. (file file_name or stings file)
If thay are unnecessary files you can just delete it. If those are of some use change the ownership.

Re: No group/ no user ownership

Rich Sanders — Fri, 17 Oct 2003 13:07:34 GMT

But, I am correct in my statement, right?

Re: No group/ no user ownership

RAC_1 — Fri, 17 Oct 2003 13:14:08 GMT

1. They can be written to by anyone (open door for malicious code)

NO, it depends on the permissions on file. If it is wordwritable then anybody can write to it.

2. If they are critical files, some ownership should be established for accountability sake.

True. (Check what are those files and why these is no ownership)

Re: No group/ no user ownership

Patrick Wallek — Fri, 17 Oct 2003 13:40:22 GMT

Files can not have "no group or user ownership". It is just not possible in unix of any variety. What *is* possible is that the uid and / or gid of the owner / group of a file is displayed. If this is the case, that means that the uid or gid displayed does not exist in /etc/passwd or /etc/group.

Now if you have a file like that, the permissions on the file still control who can / can't do things with the file. If the permissions do not allow anyone other than the owner to do something with the file, then that is still in effect even though the owner shows as a UID.

So, to your statement 1 -- That still depends entirely upon the permissions of the files.

To statement 2 -- Yes, *ALL* files should have some legitimate user / group.

Re: No group/ no user ownership

Bill Hassell — Fri, 17 Oct 2003 20:25:56 GMT

Send your auditor to Unix 101 class. *EVERY* file and directory in Unix has a number for the user and a number for the group. The ONLY reason yoi see a username and groupname is that ls -l is scanning /etc/passwd and /etc/group to find a match. When a match is found, the names are substituted for the numbers. Files and directories without matching owners should be examined to determine why they do not match. Perhaps a junior sysadmin just edited the passwd file directly, or a poorly written install script never set specific ownerships on a set of files.