HPE Community
Operating System - HP-UX
1826381 Members
4133 Online
109692 Solutions
New Discussion

file permissions changed - urgent pls

 
SOLVED
Go to solution
BKUMAR
Frequent Advisor

‎04-28-2003 07:58 AM

‎04-28-2003 07:58 AM

file permissions changed - urgent pls

Hi All,

i noticed all the file permisions got changed to its user-id,group-id and the applications openview is unable to start stating

for #sudo ovstart
-->sudo: uid 102 does not exist in the passwd file!
for whoami
-->Intruder alert.

i checked the uid 102 is in passwd and groups all are fine and the permisions like
-r--r--r-- 1 2 2 332 Mar 20 14:20 /etc/group
-r--r--r-- 1 0 1 1108 Apr 7 12:29 /etc/passwd

This server has Openview and telalert application....any advise and hints highly
appreciated

Thanks in advance

Unix Administration Most Dedicated and Challenging Career in the World
0 Kudos
Reply
7 REPLIES 7
S.K. Chan
Honored Contributor

‎04-28-2003 08:03 AM

‎04-28-2003 08:03 AM

Solution

Re: file permissions changed - urgent pls

Have you try running the password file and group file checker just to make sure those files are good ?
# /usr/sbin/pwck
# /usr/sbin/grpck
Reply
S.K. Chan
Honored Contributor

‎04-28-2003 08:08 AM

‎04-28-2003 08:08 AM

Re: file permissions changed - urgent pls

There is a similar problem here in this thread it seems ..
http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x9cc74e49c5cdd5118ff40090279cd0f9,00.html
..and the solution is to re-create the user (with UID 102). Anyway check the thread above..
0 Kudos
Reply
John Poff
Honored Contributor

‎04-28-2003 08:09 AM

‎04-28-2003 08:09 AM

Re: file permissions changed - urgent pls

Hi,

The 'intruder alert' message for 'whoami' usually means that the /etc/passwd and /etc/group files can't be read. Since you are showing them with 444 permissions they should be ok. What are the permissions on your /etc directory?

JP
0 Kudos
Reply
Dario_1
Trusted Contributor

‎04-28-2003 08:13 AM

‎04-28-2003 08:13 AM

Re: file permissions changed - urgent pls

I had a problem like that ones and found out a bad entry in the password file. All the accounts above the bad entry worked fine but the ones below did not. As mentioned, check your password file for bad entries.

/usr/sbin/pwck

Regards,

DR

0 Kudos
Reply
BKUMAR
Frequent Advisor

‎04-28-2003 09:56 AM

‎04-28-2003 09:56 AM

Re: file permissions changed - urgent pls

its weirn there is a user with script path /dev/null....made to /usr/bin/sh and for the same user group is not set properly

now all the files with thier usernames/group ids back

thanks all for your quick responses.....great

-bk
Unix Administration Most Dedicated and Challenging Career in the World
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎04-28-2003 11:53 AM

‎04-28-2003 11:53 AM

Re: file permissions changed - urgent pls

If an Ignite make_sys_image was running, for a time it makes /etc/passwd and /etc/group change while its copying them. This can last up to an hour, depending on image size, memory and processor speed.

Its a long shot, but it might explain the temporary absence of the files. If that was in fact the cause of the problem.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Govind
Frequent Advisor

‎04-28-2003 12:54 PM

‎04-28-2003 12:54 PM

Re: file permissions changed - urgent pls

I think its quite possible that someone tried to hack into your system. And tried to leave a BAD backdoor. Check your last logins to make sure where it came from.
Regards
Govind
Dont try to fix something till it Aint Broke...Honesty is not always the best policy.....
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.