
ownership of / directory

 
Rick Garland
Honored Contributor

Hi all:

We have multiple HPUX 11.23 systems on RISC and on ia-64.

Doing some swverify tasks I get warnings about the / directory not owned by root:root.

They are owned by daemon:daemon.

I have checked the systems and some are daemon:daemon while others are root:root. I cannot find a pattern as to why this is so. I have queried my peers and they have not made the changes. I even loaded 1 of the RISC systems and I did not change the owners.

All systems have Oracle. All but 1 of the RISC systems is MCSG member.

Any ideas?

Thanks
8 REPLIES
Patrick Wallek
Honored Contributor

Re: ownership of / directory

No idea Rick. It would appear to me that something or someone had to change them at some point.

I just checked all of my systems (28 of them, a combo of 10.20, 11.0, 11.11 and 11.23) and all except 1 system have root:root for / ownership. The one odd-ball system has root:sys for / ownership.

root:root is the standard. I don't know that it really would make any difference since root has access to everything anyway, but it is definitely non-standard.

I would be tempted to fix those that are daemon:daemon, if the pain of going through your change management process isn't too bad.
Florian Heigl (new acc)
Honored Contributor

Re: ownership of / directory

From my experience those changes sometimes are actually related to swinstall'ing packages that (I guess) were created on systems with different permissions.

Switch back to root:root and monitor for a change and then check if some software was rolled out that day.

Regards,
Florian
yesterday I stood at the edge. Today I'm one step ahead.
James R. Ferguson
Acclaimed Contributor

Re: ownership of / directory

Hi Rick:

I don't have any 11.23 systems to interrogate.

However, a somewhat similar anomaly appeared last month for some entities in '/usr'.

You might try searching the IPD ('/var/adm/sw/products') looking for matches where either the 'uid' or 'gid' is set to 'daemon'. This might point to something. See the thread here:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1023107

Regards!

...JRF...
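
One way to run the IPD search suggested in the reply above, as an added example that is not part of the original thread. The function names and the sample tree are hypothetical, and the INFO layout it parses (one `keyword value` pair per line, each file's attributes introduced by a bare `file` line) is an assumption to verify against a real `/var/adm/sw/products` before relying on the output.

```shell
#!/bin/sh
# Added example: list IPD entries that record NAME as owner/group/uid/gid.
# Assumption: INFO files hold "keyword value" lines, with a bare "file" line
# opening each file's attribute stanza. Check this on your own system.

ipd_owner_hits() {   # usage: ipd_owner_hits IPD_ROOT NAME [PATH]
    ipd_root=$1; name=$2; want=${3:-}
    find "$ipd_root" -type f -name INFO | sort | while read -r info; do
        awk -v name="$name" -v want="$want" -v src="$info" '
            # Print the finished stanza if it matched, then reset state.
            function emit() {
                if (hit != "" && (want == "" || path == want))
                    print src ": " path " " hit
                path = ""; hit = ""
            }
            $1 == "file" { emit(); next }
            $1 == "path" { path = $2 }
            ($1 == "owner" || $1 == "group" || $1 == "uid" || $1 == "gid") && $2 == name {
                hit = (hit == "" ? "" : hit ",") $1 "=" $2
            }
            END { emit() }
        ' "$info"
    done
}

# Constructed sample tree standing in for /var/adm/sw/products.
make_sample_ipd() {
    d=${TMPDIR:-/tmp}/ipd_sample.$$
    mkdir -p "$d/ProdA/FS1" "$d/ProdB/FS1" || return 1
    printf '%s\n' file 'path /' 'type d' 'mode 0755' 'owner daemon' 'group daemon' \
        file 'path /opt/proda' 'type d' 'owner bin' 'group bin' > "$d/ProdA/FS1/INFO"
    printf '%s\n' file 'path /' 'type d' 'mode 0755' 'owner root' 'group root' \
        > "$d/ProdB/FS1/INFO"
    echo "$d"
}

# Demo on the constructed tree: which fileset claims "/" for daemon?
sample=$(make_sample_ipd)
ipd_owner_hits "$sample" daemon /
rm -rf "$sample"
```

On a real host the call would be `ipd_owner_hits /var/adm/sw/products daemon /`; the product and fileset directories in each reported INFO path name the package to investigate.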
TwoProc
Honored Contributor

Re: ownership of / directory

Just a thought -
Is one of the subdirectories off of root owned by daemon:daemon also? If so, then I'm thinking someone or some software did a "chown daemon:daemon .* " from inside the subdirectory that is also owned by daemon:daemon.

We are the people our parents warned us about --Jimmy Buffett
Arunvijai_4
Honored Contributor

Re: ownership of / directory

Hi Rick,

Perhaps, you may take a look at HP-UX Security guide Section 5.3.5

http://sabernet.home.comcast.net/papers/hp-ux9.html

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
V. Nyga
Honored Contributor

Re: ownership of / directory

Hi,

one added thought to John's tip:
chmod -R .... could have done that.

Other possibility: user id of root changed to daemon?

Volkmar
*** Say 'Thanks' with Kudos ***
V. Nyga
Honored Contributor

Re: ownership of / directory

Sorry

chown -R .... of course

V.
*** Say 'Thanks' with Kudos ***
Rick Garland
Honored Contributor

Re: ownership of / directory

Hi all:

Thanks for the feedback and ideas.
Did some scouting and I am unable to find anything. Looked at history files, the IPD, security docos, etc.

I am going to change them back and keep an eye on them.

I did find a pattern. The PRD systems still have the root:root while the DEV/TST systems have the daemon:daemon. First thought would be some patch bundle did it as the PRD systems are a cycle behind.

Will keep posted.

Thanks again!