HPE Community
Operating System - HP-UX
1833827 Members
2034 Online
110063 Solutions
New Discussion

Re: Unknown user and group IDs

 
SOLVED
Go to solution
Ricky_2
Frequent Advisor

‎09-26-2002 10:57 PM

‎09-26-2002 10:57 PM

Unknown user and group IDs

Hi, I was going through my system and was puzzled to find that some of the dirs and files have IDs, eg root:59999, 1612:users, that are not found in the /etc/passwd and /etc/group files. Can you tell me who actually created these files and is there any security concern? Thanks.
0 Kudos
Reply
6 REPLIES 6
Ravi_8
Honored Contributor

‎09-26-2002 11:13 PM

‎09-26-2002 11:13 PM

Solution

Re: Unknown user and group IDs

Hi,

These files might be downloaded(from net) files,
look at one of orcale9i rel2 directory which has been downloded from otn in my system

drwxr-xr-x 3 25882 502 512 Aug 29 02:17 Disk4

uid 25882 and gid 502 dosen't exist in passwd/group file
never give up
Reply
Ravi_8
Honored Contributor

‎09-26-2002 11:14 PM

‎09-26-2002 11:14 PM

Re: Unknown user and group IDs

Hi,

These files might be downloaded(from net) files,
look at one of orcale9i rel2 directory which has been downloded from otn in my system

drwxr-xr-x 3 25882 502 512 Aug 29 02:17 Disk4

uid 25882 and gid 502 dosen't exist in my passwd/group file
never give up
0 Kudos
Reply
Paula J Frazer-Campbell
Honored Contributor

‎09-26-2002 11:19 PM

‎09-26-2002 11:19 PM

Re: Unknown user and group IDs

Ricky

When files are created by users/groups the UID and GID is placed with the file, so if you list a dir each file is interogated and from the groups and passwd file its owner and group is displayed.

Files that display a number instead od owner or group do not have an entry in groups or password.

There is a slight security concern and it is best to very fully investigate and either attribute new ownership or delete them (after backing them up).


HTH


Paula
If you can spell SysAdmin then you is one - anon
Reply
steven Burgess_2
Honored Contributor

‎09-26-2002 11:24 PM

‎09-26-2002 11:24 PM

Re: Unknown user and group IDs

Hi Ricky

These files could belong to users that are no longer known to the system

example (had this yesterday where a site had lost a root disk, they had taken no ignites and no full backups - /etc/passwd lost had to build the OS from CD.)users home directories were still available but no reference in the passwd file

HTH

Steve
take your time and think things through
Reply
Ricky_2
Frequent Advisor

‎09-26-2002 11:37 PM

‎09-26-2002 11:37 PM

Re: Unknown user and group IDs

Hi, thank you for the responses. My concern here is that some of these files even have a root owner and an unknown group. Could they have been created by some users/ applications (I'm running Omniback and ServiceGuard)running commands with suid? How can I trace the creator of these files? Thanks.
0 Kudos
Reply
Michael Tully
Honored Contributor

‎09-26-2002 11:45 PM

‎09-26-2002 11:45 PM

Re: Unknown user and group IDs

I've seen many times where you can download mainly tar archives from various places, even source code which has any number of user and group id's. Once extracted from the archive, they will be unknown.
If you know where they have come from, no problem. Just remember, that when they are put into a tar archive from the site that they have come from, they will use the user/group id from that site's /etc/passwd file.
As far as the security concern, make sure that you create ownerships when convenient. Only when there is a unidentified userid/username on your system should you worry. Take particular note of changes to your password file for the addition of new users.
Anyone for a Mutiny ?
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.