[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAM_pwdb reports user as root



On Sat, 17 Apr 1999, Robert T. Bevill wrote:

> Why is PAM reoprting this?

> Apr 17 17:28:47 olympus PAM_pwdb[5420]: (login) session opened for user jsmith by tjones(uid=0)

> When user jsmith, or any other user for that matter, attempts to login, PAM
> claims that tjones is root, or at least `uid=0`.  The /etc/group properly
> says that uid 0 belongs only to root.
This would be listed in /etc/passwd, not in /etc/group.

> Another odditty -- whenever I ftp to another site, as root, the default
> username that appears is tjones -- not root.  Since there is no .netrc file
> in the /root directory, where is the system picking this tjones up from?
> What gives?

What does 'id' tell you from the commandline?  It definitely sounds like you
have another uid=0 account in /etc/passwd...  my immediate guess is that your
machine has been cracked...

-Steve Langasek



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []