
/tcb/files/auth/X and x missing - now what?

ConnieK
Regular Advisor

Specifics: HP V2500 running 11.0

A security rep needs to build a user account on this system with userid beginning with "x". She reports back that the system will not let her add it. I assume she is using SAM.

My investigation shows that the "X" and the "x" directories under /tcb/files/auth are missing.

This happened once before about 8 months ago when she needed to add another userid starting with "x", and I just created the "x" directory and things seemed to work fine.

Now the "x" and the "X" directory are missing again and authck -p reports that the first userid is in /etc/passwd and not in the PPD.

So, I'm stumped. First of all I can't figure out what's happening to the "X" and "x" directories. Second, if I have the security rep try to delete the first account, wait until I touch the missing directories, and then create both 'x' accounts, will it work and will it last? Third, should I just unconvert and convert? This may cause all kinds of problems with the multitude of other users.

Thoughts anyone?
Connie K.



Independent by nature
5 REPLIES
Stefan Farrelly
Honored Contributor

Re: /tcb/files/auth/X and x missing - now what?

I would try recovering the x and X directories from backup first as the other options may cause even more problems.
I'm from Palmerston North, New Zealand, but somehow ended up in London...
ConnieK
Regular Advisor

Re: /tcb/files/auth/X and x missing - now what?

Stefan,

I was hoping not to have to perform a restore, as I would have to search through a multitude of backup sessions through Veritas NetBackup to find when the "X" and "x" directories actually were there. I can't rely on the one user built previously to complain as I don't think he's EVER logged in to use his account, but of course, since the tcb file is missing, I'll never know.
Independent by nature
Darren Prior
Honored Contributor
Solution

Re: /tcb/files/auth/X and x missing - now what?

Hi Connie,

It's certainly confusing that those 2 dirs are disappearing. Are any of the other alphabet dirs under /tcb/files/auth missing? These dirs are owned by root:sys and have 770 permissions - really only root should be able to remove them. This suggests that someone is removing them, maybe by mistake? X/x is a pretty rare first letter for a username so maybe someone removed the dir if it had no files inside as part of some tidy up? Perhaps it's time to look round any cron jobs or manual housekeeping type scripts to see if there's any that might be doing the removing!

I don't think you can guarantee that it won't happen again - so maybe running authck -pv on a regular basis will help track down exactly when the dir is getting removed.

So, how can you fix the system now? You've mentioned that you don't really want to go through the backups to restore the dirs. How about creating the missing X/x dirs, then manually creating the /tcb files for the users. You'll need to step through /etc/passwd finding each X/x user and creating a file for them under /tcb/files/auth/x. You can use another user's tcb file as a template - just remember to ensure that you put the username in the appropriate places; also the uid and an unused audit id. Then ensure the password is blank; you can set that later.

Once you've done this, run authck -pv to be sure that the tcb and /etc/passwd are matched. You will of course have lost the password for the missing users, along with their details of last login, etc., but it will save the hassle of unconverting/converting and losing this data for all the users.

regards,

Darren
Calm down. It's only ones and zeros...
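
Added example (not part of the reply above and not HP tooling): a POSIX shell check that can run from cron alongside `authck -pv` to flag every /etc/passwd user whose letter directory or per-user file under /tcb/files/auth is missing, so the time of a disappearance shows up in a log. The function name `check_tcb`, the `run` argument and the `MISSING_DIR`/`MISSING_ENTRY` labels are assumptions of this example; the `/tcb/files/auth/<first letter>/<username>` layout is the one described in the thread.

```shell
#!/bin/sh
# Added example: cross-check /etc/passwd against the per-user files under
# /tcb/files/auth/<first letter>/<username> (layout as described in the thread).
# PASSWD_FILE and TCB_AUTH can be overridden to try the check on test data.

PASSWD_FILE=${PASSWD_FILE:-/etc/passwd}
TCB_AUTH=${TCB_AUTH:-/tcb/files/auth}

# check_tcb PASSWD AUTHDIR
# Prints one line per finding; returns 0 if every user has an entry, else 1.
check_tcb() {
    passwd_file=$1
    tcb_auth=$2
    bad=0
    # Field 1 of passwd is the username; skip blank, comment and NIS +/- lines.
    for user in $(awk -F: '$1 != "" && $1 !~ /^[#+-]/ {print $1}' "$passwd_file"); do
        letter=$(printf '%s' "$user" | cut -c1)
        if [ ! -d "$tcb_auth/$letter" ]; then
            # The whole letter directory is gone (the X/x case in this thread).
            echo "MISSING_DIR $tcb_auth/$letter (needed by $user)"
            bad=1
        elif [ ! -f "$tcb_auth/$letter/$user" ]; then
            # Directory exists but this user has no protected password entry.
            echo "MISSING_ENTRY $user (expected $tcb_auth/$letter/$user)"
            bad=1
        fi
    done
    return $bad
}

# Invoked as "<script> run" (for example from root's crontab): check the live
# system and prefix each finding with a timestamp for the log.
if [ "${1:-}" = "run" ]; then
    check_tcb "$PASSWD_FILE" "$TCB_AUTH" | while read -r line; do
        echo "$(date '+%Y-%m-%d %H:%M:%S') $line"
    done
fi
```

The check only covers letters that some account in /etc/passwd actually needs, so an empty letter directory that is removed goes unreported until a user with that initial exists.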
ConnieK
Regular Advisor

Re: /tcb/files/auth/X and x missing - now what?

Darren,

In answer to your question, no, no other directories are missing - that's why I was stumped. I fully intend to go on a "bug hunt" ASAP.

I will re-create the directories again and use a template from another directory to make sure I get the structure correct for the existing account. I am thankful for ONE thing so far... at least I only have to rebuild ONE account!

Thanks Darren!

Points coming!
Independent by nature
Andrew Cowan
Honored Contributor

Re: /tcb/files/auth/X and x missing - now what?

Hi,

It's a bit of a hack, but the way that I have got out of this before is to create the "x" directory, then copy another user file such as root, then rename it to this user. Finally edit the file and remove the encrypted passwd string from the file, and run "passwd x" to allocate a new one.

You should find that this will fix your database, and allow you to login and/or delete this user.

In my experience the "tcb" is very unreliable once you start to add and remove a large number of users, or you make any manual changes to it. The best part is when you talk to HP and they tell you that they don't support any of the command line utilities that maintain it.

Good luck!