- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Permission issue
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2002 11:13 AM
02-06-2002 11:13 AM
Permission issue
I have a local (normal) username called 'user1', which I use for doing ftp. Today I saw some of the files in /usr/sbin, /usr/conf, /etc are changed it's owner to 'user1'. I didn't do this and nobody else can do that. I am wondering how it has changed !
Any idea ?
Thanks!
Shiju
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2002 11:21 AM
02-06-2002 11:21 AM
Re: Permission issue
What are the file names for which the permission were modified. Until the user copies those files to those directories, i don't think the permission should have got modified.
Hope this helps.
regds
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2002 11:31 AM
02-06-2002 11:31 AM
Re: Permission issue
Run 'pwck' and see if it reports any problems with /etc/passwd file.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2002 11:32 AM
02-06-2002 11:32 AM
Re: Permission issue
some of them:
/usr/sbin/diskinfo
/usr/sbin/backup
/usr/sbin/fbackup
/usr/sbin/fuser
/usr/sbin/ifconfig
/usr/sbin/ifconfig
/usr/sbin/inetd
/usr/sbin/lanconfig
/usr/sbin/lvcreate
/usr/sbin/lvchange
/usr/sbin/vgdisplay ...etc and lot more which is system/root commands !
Does an NFS export make any difference ? Recently I have NFS exported a directory which was owned by 'user1'. I was logged in as root when i have done this. Do u think this will make any changes ?
Thanks!
Shiju
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2002 11:45 AM
02-06-2002 11:45 AM
Re: Permission issue
I don't see any reason how export of a user owned directory can change the file ownership in /usr/sbin.
The only possibility is if someone logged in as root and changed the permission of these files to see if these files can be executed by the new user "user1".
The other possibility is that the uid for "user1" is 0 and it appears first in the list in /etc/passwd before root. Is it like that ?.
Hope this helps.
regds
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2002 11:52 AM
02-06-2002 11:52 AM
Re: Permission issue
The first possibility is NO. Nobody has changed the permission to 'user1' to test something.
Secondly, my other sys-admin has a root equivalent user in the server ( which was created just by editing /etc/passwd and copying the root user and editing only the username ). So the /etc/passwd has two login names with the same UID ( uid 0) - root and admin. Does this make any logic ?
Also the 'user1' is a normal user and don't have any UID conflict with anything.
Thanks for the help ... points to follow !
Shiju
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2002 12:01 PM
02-06-2002 12:01 PM
Re: Permission issue
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2002 12:06 PM
02-06-2002 12:06 PM
Re: Permission issue
I don't see a connection. IF the user id "admin" has uid 0 other than root, then don't see any cause how user1 can become the owner of files in /usr/sbin.
Hope this helps.
Regds
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2002 12:06 PM
02-06-2002 12:06 PM
Re: Permission issue
root:swfdwER:0:3::/:/sbin/sh
admin:reRfRE:0:3::/:/sbin/sh
user1:asda3G:101:20:FTP user:/tmp/user1:/usr/bin/sh
Thanks!
Shiju
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2002 12:22 PM
02-06-2002 12:22 PM
Re: Permission issue
Are you using your local /etc/passwd file ?
ie Are you running NIS or anything similar ?
Duncan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2002 12:24 PM
02-06-2002 12:24 PM
Re: Permission issue
Another thing I notified now:
The user 'admin' was a user with UID 101 ( current UID of 'user1') before. Recently he reomoved it and made root equivalent.
But I still don't have the conclusion !
Shiju
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2002 12:31 PM
02-06-2002 12:31 PM
Re: Permission issue
If these files were owned by admin earlier and then the id was admin uid changed from "101" to "0", the system will change the owner to "user1" if a new user id is created with uid "101". A change of admin uid will not result in the change is the ownership of the files owned by that user. The ownership of a file is associated with the uid and not with the actual user name.
Hope this helps.
Regds
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2002 01:01 PM
02-06-2002 01:01 PM
Re: Permission issue
I understand that. But I don't think those files were owned by 'admin' !
Also when I run a 'find / -user' command, I could see one of the other exprted file system ( NFS) has changed it's files ownership to 'user1' ! Also the file /etc/exports ownership changed to 'user1'
No idea why this happened !
Shiju
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2002 02:18 PM
02-06-2002 02:18 PM
Re: Permission issue
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2002 08:18 PM
02-06-2002 08:18 PM
Re: Permission issue
Maybe this 'user1' has/had root access (a vulnerable password, a root shell or access to the console, perhaps) and he did a chown on these files?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2002 08:58 PM
02-06-2002 08:58 PM
Re: Permission issue
Just a word of caution. I can see that you are not using any shadowed passwords. This is dangerous because any user could have copied /etc/passwd and run crack on it.
I would suggest that you enable your system to be a trusted system with shadowed passwords.
If the root and admin passwords are weak (part of it is a dictionary word), there is a likelihood that your superuser passwords might have already been compromised.
As mentioned above, check all the ~/.sh_history history files for anomalies such as:
1) attempts to read or copy /etc/passwd
2) attempts to chown
Check also your /etc/group for anomalies.
Hope this helps. Regards.
Steven Sim Kok Leong
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2002 09:24 PM
02-06-2002 09:24 PM
Re: Permission issue
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-07-2002 02:06 AM
02-07-2002 02:06 AM
Re: Permission issue
when you have two users with the same UID in your system they are hadled as ONE user after logging in. The only point of time user names are of any interest for OS is when getty processes do the login process and recieve their information out of /etc/passwd or shadow files. After this users and permissions are internally controlled only via UIDs. If you have / had two users with the same UID in your system, you can try the following:
user1 is owner of a file/directory and has UID 101
user2 has the same UID
user2 uses chmod for the file, but doesn't change permissions
after this, the new owner in a long listing will be user2 !!!
Could this be the answer to your questions?
Allways stay on the bright side of life!
Peter
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-07-2002 07:11 AM
02-07-2002 07:11 AM
Re: Permission issue
Thanks for all ya help so far !
I think there is a littlebit of confusion, my root password is not compromised. The /etc/passwd which I listed is just typed by me and is not the exact copy of the file ( i mean about the password entry, Steven ).
And the 'user1' is just a normal user created by me and nobody else can use that. Nobody else can play with either root or 'user1'. I have checked the sh_history file and couldn't find out anything wrong there too.
However, I have re-arranged all ownerships. Any more valuable inputs are welcome.
Thanks!
Shiju