Operating System - HP-UX

Re: No group/ no user ownership

 
Rich Sanders
Occasional Contributor

No group/ no user ownership

I am concerned about some files that have no group or user ownership applied. In my auditor eyes, these are risky because:

1. They can be written to by anyone (open door for malicious code)

2. If they are critical files, some ownership should be established for accountability sake.

Anything else? Please help!
'Well I woke up Sunday morning, with no way to hold my head, that didn't hurt. And the beer I had for breakfast wasn't bad, so I had one more for dessert'
5 REPLIES 5
RAC_1
Honored Contributor

Re: No group/ no user ownership

Find out such files.

find . -type f \( -nouser -o -nogroup \) -exec ll {} \;

Check what those files are. (file file_name or strings file)
If they are unnecessary files you can just delete them. If those are of some use, change the ownership.
There is no substitute to HARDWORK
Rich Sanders
Occasional Contributor

Re: No group/ no user ownership

But, I am correct in my statement, right?



'Well I woke up Sunday morning, with no way to hold my head, that didn't hurt. And the beer I had for breakfast wasn't bad, so I had one more for dessert'
RAC_1
Honored Contributor

Re: No group/ no user ownership

1. They can be written to by anyone (open door for malicious code)

NO, it depends on the permissions on the file. If it is world-writable then anybody can write to it.

2. If they are critical files, some ownership should be established for accountability sake.

True. (Check what those files are and why there is no ownership)
There is no substitute to HARDWORK
Patrick Wallek
Honored Contributor

Re: No group/ no user ownership

Files can not have "no group or user ownership". It is just not possible in unix of any variety. What *is* possible is that the uid and / or gid of the owner / group of a file is displayed. If this is the case, that means that the uid or gid displayed does not exist in /etc/passwd or /etc/group.

Now if you have a file like that, the permissions on the file still control who can / can't do things with the file. If the permissions do not allow anyone other than the owner to do something with the file, then that is still in effect even though the owner shows as a UID.

So, to your statement 1 -- That still depends entirely upon the permissions of the files.

To statement 2 -- Yes, *ALL* files should have some legitimate user / group.
Bill Hassell
Honored Contributor

Re: No group/ no user ownership

Send your auditor to Unix 101 class. *EVERY* file and directory in Unix has a number for the user and a number for the group. The ONLY reason you see a username and groupname is that ls -l is scanning /etc/passwd and /etc/group to find a match. When a match is found, the names are substituted for the numbers. Files and directories without matching owners should be examined to determine why they do not match. Perhaps a junior sysadmin just edited the passwd file directly, or a poorly written install script never set specific ownerships on a set of files.


Bill Hassell, sysadmin
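
Added example, not part of any reply in this thread: a shell function that lists files whose stored uid or gid has no entry in the passwd and group files, and shows next to each whether the mode grants write to "other", since the replies point out that the permission bits, not the missing name, decide who can write. It assumes only local passwd/group files are consulted (their paths are parameters defaulting to /etc/passwd and /etc/group); the function name audit_orphans and its output format are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Only the local files named below are
# consulted; accounts served by NIS or LDAP are outside this sketch.
# File names containing newlines are not handled.
# Usage: audit_orphans DIR [PASSWD_FILE] [GROUP_FILE]
audit_orphans() {
    dir=$1
    passwd_file=${2:-/etc/passwd}
    group_file=${3:-/etc/group}
    # Field 3 is the numeric id in both passwd and group.
    known_uids=$(awk -F: '{print $3}' "$passwd_file")
    known_gids=$(awk -F: '{print $3}' "$group_file")

    # ls -n prints the numbers stored in the inode, with no name lookup.
    LC_ALL=C find "$dir" -type f -exec ls -ldn {} \; |
    while read -r mode links uid gid size mon day when name; do
        owner=known; group=known; other_write=no
        printf '%s\n' "$known_uids" | grep -qx "$uid" || owner=unmatched
        printf '%s\n' "$known_gids" | grep -qx "$gid" || group=unmatched
        # Skip files whose uid and gid both resolve to names.
        [ "$owner" = known ] && [ "$group" = known ] && continue
        # Character 9 of the mode string is the write bit for "other".
        case $mode in
            ????????w*) other_write=yes ;;
        esac
        printf 'uid=%s(%s) gid=%s(%s) other-write=%s %s\n' \
            "$uid" "$owner" "$gid" "$group" "$other_write" "$name"
    done
}
```

Lines reporting other-write=yes are the ones that match the auditor's first concern; the rest are an accountability issue only.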