
ownership change

 
himacs
Super Advisor


Hi Admins,

My root filesystem ownership and group have been changed to a normal user. I want to find out when it was changed and who changed it.

Is there any option with the find command like 'ctime'?

If I'm not wrong, ctime will provide the time of the ownership change.


regards
himacs

James R. Ferguson
Acclaimed Contributor

Re: ownership change

Hi:

Yes, the 'ctime' represents the time of change in permissions, ownership, or the name of a file or directory. Be aware that some backup software will change the 'ctime' as a consequence of resetting the 'atime' of backed-up files. For directories, the 'ctime' will be updated for the parent directory as a consequence of adding or removing files. Hence, good luck isolating the change.

Regards!

...JRF...
himacs
Super Advisor

Re: ownership change

Hi JRF,

Thanks for the reply.

ls -ld / gives the time as Sep 10.

dr-xr-xr-x 70 bin bin 8192 Sep 10 16:50 /

What does it mean?

And please provide the exact command to find out the time of the ownership change.


regards
himacs
James R. Ferguson
Acclaimed Contributor

Re: ownership change

Hi (again):

> ls -ld / gives the time as Sep 10.
> dr-xr-xr-x 70 bin bin 8192 Sep 10 16:50 /
> What does it mean?
> And please provide the exact command to find out the time of the ownership change.

This interrogates the 'mtime' or last modification timestamp. To examine the last "change" timestamp, do:

# ls -lcd

BUT, as I stated originally, the 'ctime' of a directory can change for a multitude of reasons. If your 'mtime' were older than your 'ctime' this would suggest that the 'ctime' really represented the time of your ownership modification.

AGAIN, you may be chasing an answer for which you have insufficient data.

I would examine root's shell history file in the hope that something there helps you.

Regards!

...JRF...
himacs
Super Advisor

Re: ownership change


OK JRF,

Actually, I changed the ownership back to bin:bin. Nothing unusual found in .sh_history.
Anyhow, let me check any other alternatives.

Thanks for your time.

regards
himacs
James R. Ferguson
Acclaimed Contributor

Re: ownership change

Hi (again):

I have one other thought for you. If you have scripts that perform a 'cd' to change directories, make sure to test if the change is successful and take action if not.

This could include code, like:

cd ${MYPATH}

...where the variable is empty and your 'root' account's $HOME path is '/'.

Good scripting would either do:

set -u
cd ${MYPATH}

or:

cd /somepath || { echo "bad path!"; exit 1; }

In the case of the 'root' account, this is another good reason to change the ${HOME} directory from '/' to '/root'.

Regards!

...JRF...
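The failure mode described in the reply above (an empty variable turning `cd ${MYPATH}` into a bare `cd` that lands in $HOME) and the two guards it suggests, as an added example that is not part of the original thread. The function names and the throwaway HOME directory are constructed for the demonstration.

```shell
#!/bin/sh
# Added illustration; function names and the temporary HOME are constructed.

# Unguarded: an unset/empty MYPATH turns "cd ${MYPATH}" into a bare "cd",
# which succeeds and lands in $HOME. Prints where a later chown would run.
unguarded_cd() (
    unset MYPATH
    cd ${MYPATH} && pwd -P
)

# "set -u" variant from the reply: expanding the unset variable is a fatal
# error, so the subshell stops before cd ever runs.
nounset_cd() (
    set -u
    unset MYPATH
    cd ${MYPATH} && pwd -P
)

# Explicit guard: reject an empty value, then check cd's own exit status.
# Prints the directory on success, returns non-zero otherwise.
guarded_cd() (
    target=${1-}
    [ -n "$target" ] || { echo "guarded_cd: empty path" >&2; exit 1; }
    cd "$target" 2>/dev/null || { echo "guarded_cd: bad path: $target" >&2; exit 1; }
    pwd -P
)

demo() {
    # Stand-in for root's HOME so the demonstration never touches "/".
    fake_home=$(mktemp -d) || return 1
    fake_home=$(cd "$fake_home" && pwd -P)
    echo "unguarded cd landed in: $(HOME=$fake_home unguarded_cd)"
    nounset_cd || echo "set -u: stopped before cd ran"
    guarded_cd "" || echo "guarded: refused empty path"
    guarded_cd "$fake_home/missing" || echo "guarded: refused bad path"
    echo "guarded cd landed in: $(guarded_cd "$fake_home")"
    rmdir "$fake_home"
}
demo
```

With root's HOME set to '/', the first line of output would be '/', which is how a following recursive chown ends up applied to the root filesystem.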
Raj D.
Honored Contributor

Re: ownership change

Himacs,

>My root filesystem ownership and group has been changed to a normal user.

What do you mean by root filesystem permission?
I understand someone changed the mount point permission.

Btw, root can only change the mountpoint permission, and not the other users, unless the permission on that mountpoint is not root:root.


To check who changed the permission, check:
- how many admins you have, or other users who use the root login.
- or how many users you have with root sudo login access.

To check: sulog and sudolog, to see which users logged in as root.

hth,
Raj.
" If u think u can , If u think u cannot , - You are always Right . "