- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Unwanted processes belongs to UID 59999
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-27-2001 08:07 PM
тАО12-27-2001 08:07 PM
Unwanted processes belongs to UID 59999
Recently in our development servers, HPUX 11i, there has been something fishy going on. There are a few times when I saw multiple duplicated processes (java processes) running under the userid 59999. Any idea who this user is? And how to get rid of this UID?
FYI, there is no such UID in our server setting/configuration.
Best Regards,
Bambang
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-27-2001 08:42 PM
тАО12-27-2001 08:42 PM
Re: Unwanted processes belongs to UID 59999
try a "find" on that user-id:
find / -user 59999 -exec ls -abdl {} ";"
Could be there are SUID codefiles owned by that user-id!
HTH,
Wodisch
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-27-2001 08:52 PM
тАО12-27-2001 08:52 PM
Re: Unwanted processes belongs to UID 59999
Execute:
# grep 59999 /etc/passwd
A number of third-party software uses 59999 as the uid of their application logon.
Hope this helps. Regards.
Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-27-2001 08:53 PM
тАО12-27-2001 08:53 PM
Re: Unwanted processes belongs to UID 59999
I tried the command as suggested, but found nothing. No such files.
Thanks,
Bambang
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-27-2001 08:57 PM
тАО12-27-2001 08:57 PM
Re: Unwanted processes belongs to UID 59999
Try executing:
# find / -uid 59999 -exec ll {} \;
Hope this helps. Regards.
Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-28-2001 06:28 AM
тАО12-28-2001 06:28 AM
Re: Unwanted processes belongs to UID 59999
The following little C code shows how a program can change uid to one that isn't even on the system.
#include
main ()
{
char *proc = "/usr/bin/id";
setuid(59999);
system(&proc[0]);
} /* end of program*/
If root runs the program (or suid bit is on the executable) the process will change uid to 59999 even if that doesn't exist on the system. The program doesn't have to be owned by 59999 so find would not help. And if you don't have the source code for it, grep nor strings will help.
I'm sorry, but I'm not proficient enough in programming to help further. HOpefully someone else will take it from here.
Darrell
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-28-2001 06:52 AM
тАО12-28-2001 06:52 AM
Re: Unwanted processes belongs to UID 59999
UNIX95= ps -efH
and you'll be able to see the parent process(es).
--
mark