HPE Community
Operating System - HP-UX
1827238 Members
2305 Online
109716 Solutions
New Discussion

Checking File Permissions

 
SOLVED
Go to solution
Sanjay Verma
Super Advisor

‎03-25-2002 09:20 PM

‎03-25-2002 09:20 PM

Checking File Permissions

Hi,

I require the solution for the mentioned query asap:

Scenario: User "a" modified the file permissions of "xxx" file. How user "b" can identify who has modified the "xxx" file?

Hope to find the solution from the expert brains.

Regards,
Sanjay
Co-operation - The biggest chain reaction
0 Kudos
Reply
9 REPLIES 9
K.Vijayaragavan.
Respected Contributor

‎03-25-2002 09:29 PM

‎03-25-2002 09:29 PM

Solution

Re: Checking File Permissions

Hi,

If that file was properly secured only the root and the owner of the file can do it.

If that file "xxx" had write permission for the group members any body from that group might have done it.

If it had write permission for the others any body can change the permission on it.

But there is no way to find who has changed the permission of a file to it's present state.

-Vijay
"Let us fine tune our knowledge together"
Reply
Michael Tully
Honored Contributor

‎03-25-2002 09:34 PM

‎03-25-2002 09:34 PM

Re: Checking File Permissions

Unless the user has a .sh_history file, you
might be out of luck. Do have system accounting or auditing running?

Solutions:
If the file was owned by 'root' change the root
password.
Implement 'sudo'
Anyone for a Mutiny ?
Reply
steven Burgess_2
Honored Contributor

‎03-25-2002 09:37 PM

‎03-25-2002 09:37 PM

Re: Checking File Permissions

Hi

do an ll on the file, when was it changed ?

do a last | more to see who was logged when the file was modified

if you have any idea who may have changed it you could check there .sh_history in there home directory, you will be able to see their last commands

Regards

Steve


take your time and think things through
Reply
Stefan Schulz
Honored Contributor

‎03-25-2002 11:00 PM

‎03-25-2002 11:00 PM

Re: Checking File Permissions

HI,

as far as i know there is no information stored in the inode who changed the filepermissions. So there is no way to check this afterwards.

The only thing i can think of is some kind of auditing. This already helped me a lot on a Novell Server. But i don't have experience with the auditing that comes with HP-UX.

Hope this helps

Regards Stefan
No Mouse found. System halted. Press Mousebutton to continue.
Reply
Deepak Extross
Honored Contributor

‎03-26-2002 02:40 AM

‎03-26-2002 02:40 AM

Re: Checking File Permissions

I must be missing something here, but I thought that ONLY the file owner or root could change the permissions.

Just tested it out, and even though my test file has 777 permissions, a different user cannot chmod it. Does the permission on the directory holding the file have anything to do with this?
Reply
Ruediger Noack
Valued Contributor

‎03-26-2002 02:54 AM

‎03-26-2002 02:54 AM

Re: Checking File Permissions

Deepak,

I agree absolutely!

Ruediger
Reply
pap
Respected Contributor

‎03-26-2002 08:38 AM

‎03-26-2002 08:38 AM

Re: Checking File Permissions

Hi,
One can change the file permissions if

1. He is a root user.
2. If the user is belongs to group membership of that file.

3. Owner of that file.

If you want to find out who changed the file permissions, just keep focus on group members of that file. Then examine the .sh_history fiel and you will come to kno who changed the file permissions.

-pap

"Winners don't do different things , they do things differently"
Reply
Ralph Grothe
Honored Contributor

‎03-26-2002 09:03 AM

‎03-26-2002 09:03 AM

Re: Checking File Permissions

Deepak,

if the directory that holds the file has the write bit set for user or group of user who wants to modify the file, and has not set the sticky bit, then this person could replace the file with a namesake file of his own with other permission bits.
Thus, he indeed can indirectly chmod of a file.
Madness, thy name is system administration
Reply
Sanjay Verma
Super Advisor

‎04-29-2003 07:33 PM

‎04-29-2003 07:33 PM

Re: Checking File Permissions

Hi Friends,
Thanks for your response and sorry for the delay in assigning points.
Yes, the issue was resolved after using the "scmd" command. Worthwile trying it.
Co-operation - The biggest chain reaction
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.