Strange ownership issues
Rick Stevens
rstevens at vitalstream.com
Thu Aug 25 16:43:05 UTC 2005
Jay Shampur wrote:
> Hi Rick,
>
> Thank you very much - that is indeed the case.
Glad to help. It _is_ a bit disconcerting, isn't it? I remember
getting a tarball from someone, untarring it and finding it had _my_
UID in it. I then recalled that I helped him set up the box and it
was set up just as mine was (first user added was "master", second was
his login, just as my machine had the first user as "master" and the
second MY login). As a result, his UID on his machine was 101, and
the UID for my account on my machine was also 101, so the unpacked
tarball appeared to come from me. As I said, a bit disconcerting at
first!
We use the "master" login as the only allowed ssh or ftp remote login
name. From there you have to "su -" and know the root password to do
any damage. Just one more hoop to make hackers jump through.
> On 8/24/05, Rick Stevens <rstevens at vitalstream.com> wrote:
>
>>Jay Shampur wrote:
>>
>>>I've recently installed a Red Hat ES3 Update5 on a Compaq Proliant
>>>box. There are only two accounts defined at the moment: darryl and
>>>mysql.
>>>
>>>I logged in as root, unzipped a tarball in /root folder, and this
>>>tarball uncompressed into a folder. So far, so good. The wierd part
>>>is that this new folder - which did not exist prior me uncompressing -
>>>has the owner darryl group darryl.
>>>
>>>I know I did not su into this account or otherwise - also various
>>>folders which were created when I installed Apache 1.3.33 from source
>>>and other software, have their ownership set to various other groups
>>>such as mysql, games etc.,
>>>
>>>I have not found any pattern in this - can anyone help?
>>
>>Keep in mind that the user names and group names shown in "ls" listings
>>are for your benefit. The system doesn't store names in the ownerships,
>>it stores the UID and GID (user and group numeric ID) values. "ls", by
>>default, tries to match the numeric UID or GID to the /etc/passwd or
>>/etc/group file. If there's a match, the corresponding name is displayed.
>>
>>All this means is that the tarball was created by someone on another
>>machine whose UID matches the UID of user "darryl" on your box. Do an
>>"ls -n" on the new folder, then compare those UIDs and GIDs to your
>>/etc/passwd file and you'll find that they match.
>>
>>By default, RHEL starts creating new users using UID 100 and GID 100
>>and increments them as each user is added. This is controlled by the
>>file /etc/defaults/useradd.
>>----------------------------------------------------------------------
>>- Rick Stevens, Senior Systems Engineer rstevens at vitalstream.com -
>>- VitalStream, Inc. http://www.vitalstream.com -
>>- -
>>- Lottery: A tax on people who are bad at math. -
>>----------------------------------------------------------------------
>>
>>_______________________________________________
>>Redhat-install-list mailing list
>>Redhat-install-list at redhat.com
>>https://www.redhat.com/mailman/listinfo/redhat-install-list
>>To Unsubscribe Go To ABOVE URL or send a message to:
>>redhat-install-list-request at redhat.com
>>Subject: unsubscribe
>>
>
>
> _______________________________________________
> Redhat-install-list mailing list
> Redhat-install-list at redhat.com
> https://www.redhat.com/mailman/listinfo/redhat-install-list
> To Unsubscribe Go To ABOVE URL or send a message to:
> redhat-install-list-request at redhat.com
> Subject: unsubscribe
>
--
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer rstevens at vitalstream.com -
- VitalStream, Inc. http://www.vitalstream.com -
- -
- "I'd explain it to you, but your brain might explode." -
----------------------------------------------------------------------
More information about the Redhat-install-list
mailing list