- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- ownership change
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-16-2009 06:30 AM
тАО09-16-2009 06:30 AM
ownership change
My root filesystem ownership and group has been changed to a normal user.I want to find out when its changed and who changed.
Is there any option with find command like 'ctime'
If m not wrong , ctime will provide the time of ownership changing..
regards
himacs
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-16-2009 06:38 AM
тАО09-16-2009 06:38 AM
Re: ownership change
Yes, the 'ctime' represents the time of change in permissions, ownership, or the name of a file or directory. Be aware that some backup software will change the 'ctime' as a consequence of resetting the 'atime' of backed-up files. For directories, the 'ctime' will be updated for the parent directory as a consequence of adding or removing files. Hence, good luck isolating the change.
Regards!
...JRF...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-16-2009 06:52 AM
тАО09-16-2009 06:52 AM
Re: ownership change
Thanx for the reply..
ls -ld / give times as Sep 10.
dr-xr-xr-x 70 bin bin 8192 Sep 10 16:50 /
what does it means..?
andplz provide exact command to find out the time of ownership changing..
regards
himacs
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-16-2009 07:03 AM
тАО09-16-2009 07:03 AM
Re: ownership change
> ls -ld / give times as Sep 10.
> dr-xr-xr-x 70 bin bin 8192 Sep 10 16:50 /
> what does it means..?
> andplz provide exact command to find out the time of ownership changing..
This interrogates the 'mtime' or last modification timestamp. To examine the last "change" timestamp, do:
# ls -lcd
BUT, as I stated originally, the 'ctime' of a directory can change for a multitude of reasons. If your 'mtime' were older than your 'ctime' this would suggest that the 'ctime' really represented the time of your ownership modification.
AGAIN, you may be chasing an answer for which you have insufficient data.
I would examine root's shell history file in the hope that something there helps you.
Regards!
...JRF...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-16-2009 08:05 AM
тАО09-16-2009 08:05 AM
Re: ownership change
OK JRF,
Actually i changed the ownership back to bin:bin.Nothing unusual found in .sh_history.
Anyhow let me check any other alternatives.
thanx for ur time.
regards
himacs
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-16-2009 08:42 AM
тАО09-16-2009 08:42 AM
Re: ownership change
I have one other thought for you. If you have scripts that perform a 'cd' to change directory's make sure to test if the change is successful and take action if not.
This could include code, like:
cd ${MYPATH}
...where the variable is empty and your 'root' account's $HOME path is '/'.
Good scripting would either do:
set -u
cd ${MYPATH}
or:
cd /somepath || { echo "bad path!"; exit 1; }
In the case of the 'root' account, this is another good reason to change the ${HOME} directory from '/' to '/root'.
Regards!
...JRF...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-16-2009 09:28 AM
тАО09-16-2009 09:28 AM
Re: ownership change
>My root filesystem ownership and group has been changed to a normal user.
What do you mean root filesystem permission.
I understand someone changed the mount point permission .
Btw, root can only change the mountpoint permission, and not the other users, unless the permission on that mountpoint is not root:root.
To check who changed permission check:
- you have howmany admins, or other users who uses root login.
- or howmany users you have with root sudo login access.
To Check : sulog , and sudolog what are the users logged in as root.
hth,
Raj.