HPE Community
Operating System - HP-UX
1821189 Members
3342 Online
109631 Solutions
New Discussion юеВ

Passwd file permissions change frequently

 
Hari Prasad_1
Occasional Contributor

тАО04-16-2004 12:39 PM

тАО04-16-2004 12:39 PM

Passwd file permissions change frequently

Hi
I have an IBM-AIX machine running database .
The permissions on "/etc/passwd" file get changed to r--r--r--.
could anyone give me a helping hand to trace out why & who the culprit is.
We enabled auditing. But thats of little help.
0 Kudos
Reply
10 REPLIES 10
A. Clay Stephenson
Acclaimed Contributor

тАО04-16-2004 02:10 PM

тАО04-16-2004 02:10 PM

Re: Passwd file permissions change frequently

Well, those are exactly the permissions you want but make sure that the file is owned by root and that the permissions on /etc are 755. Only root should be able to change the mode of this file; first thing to check for all multiple account with uid = 0.
If it ain't broke, I can fix that.
0 Kudos
Reply
generic_1
Respected Contributor

тАО04-16-2004 03:37 PM

тАО04-16-2004 03:37 PM

Re: Passwd file permissions change frequently

You may also want to check cronjobs or autosys/tivoli if you use these tools to make sure there is not a script doing this to your system.
0 Kudos
Reply
Senthil Kumar .A_1
Honored Contributor

тАО04-16-2004 04:45 PM

тАО04-16-2004 04:45 PM

Re: Passwd file permissions change frequently

hello hari,

No offense please,The question u have posed is very inappropiate.the reason being ..whether it is AIX or HPUX or SUN SOLARIS or it may be any unix flavour ,the permission of /etc/passwd is always r--r--r--
and is owned by root.

Even if u change the permission to some other value the passwd command will change the permission of passwd file to write temperorily internally and reverts the permission back to r--r--r-- at its next invocation. so stop fidlling with the permission of /etc/passwd.Actually their is no culprit on your premisises,it's just the default unix behaviour.
Let your effort be such, the very words to define it, by a layman - would sound like a "POETRY" ;)
0 Kudos
Reply
KapilRaj
Honored Contributor

тАО04-16-2004 05:56 PM

тАО04-16-2004 05:56 PM

Re: Passwd file permissions change frequently

Let me correct it it should always be 644 owned by root.

You can do the following to prevent it

1. Change the root password
2. Remove .rhosts file from root user's home directory

Regds,

Kaps
Nothing is impossible
0 Kudos
Reply
venugopalakrishna.y.r
Advisor

тАО04-16-2004 06:41 PM

тАО04-16-2004 06:41 PM

Re: Passwd file permissions change frequently

hello,

senthil is right.
On hpux, 444 is the default file permission of /etc/passwd, whereas on linux it is 644 by default. I tried out on hpux an linux machines and found that it will revert back to default file permissions after some time.
It is nothing to do with .rhosts.

venu
0 Kudos
Reply
Senthil Kumar .A_1
Honored Contributor

тАО04-16-2004 07:56 PM

тАО04-16-2004 07:56 PM

Re: Passwd file permissions change frequently

hello hari,

one good news and one bad news

first : badnews: my previous reply is not that accurate..that is i might be right in direction of thinking...though it is not the inherent property of the commands like passwd or chsh or usermod...etc to revert back to default permission.

good news: My collegue is working on your problem indepth.He is trying it on linux and hpux servers.it seems after some time a process is reverting back the permissions of certain critical files.Actually we are presentling running a program in background to hunt the exact process which is doing so...Hope we will succeed in giving the exact process and probable explaination...

Cost you pay us : patience

regards
Senthil
Let your effort be such, the very words to define it, by a layman - would sound like a "POETRY" ;)
0 Kudos
Reply
Hari Prasad_1
Occasional Contributor

тАО04-17-2004 08:18 AM

тАО04-17-2004 08:18 AM

Re: Passwd file permissions change frequently

Hi Senthil Kumar.
Thanks for your help.
The machine is in a remote site.
The owner of the machine says the current permissions as
-rw-r--r-- 1 root system 14343 Apr 15 09:35 /etc/passwd.

And they get changed to r--r--r--.which he doesnt want.
I shall pay my patience as your friend is already woking on this issue.
I shall be thankful if you could share your experience.

Regards
Hari
0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО04-17-2004 01:35 PM

тАО04-17-2004 01:35 PM

Re: Passwd file permissions change frequently

I can't provide any unique solution, but since this is the HP-UX forum, perhaps some historical data may be helpful. Many years ago, the passwd command would actually change the permissions of the /etc/passwd file, probably a well-meaning gesture but certainly not documented and it was patched out of existence. Start by fixing the file on Friday evening. Tell all root users to stay away until Monday. Then add a cron job (any user allowed to use cron can run this job) which checks the permission of /etc/passwd). When it changes, log the change in syslog (logger is the command of choice in HP-UX) and/or send an email to root.

If it changes in the middle of the night and root did not login or su was not used, then the time will point to a potential cron job. The alternative is to search the IBM database to see if this is a feature of passwd (or some other command).


Bill Hassell, sysadmin
0 Kudos
Reply
Champak Chowdhuri
Advisor

тАО04-18-2004 02:32 PM

тАО04-18-2004 02:32 PM

Re: Passwd file permissions change frequently

Hi Hari,

I have seen this problem in HP-UX 11.00. When /var is 100% full, permission of /etc/passwd changes to r--r--r-- (400) or some time ---------(000). In both situation any normal user will not be able to read /etc/passwd file. All files in the system will show improper owner (number).

In that situation only root can login and can change permission of /etc/passwd to r--r--r-- (444) and ownership of all file comes back to normal. This problem I have seen in trusted systems.
0 Kudos
Reply
KapilRaj
Honored Contributor

тАО04-18-2004 05:16 PM

тАО04-18-2004 05:16 PM

Re: Passwd file permissions change frequently

Nice to see you here champak :)

Guys, excuse me I got a friend of mine ...

Kaps
Nothing is impossible
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.