Owner:Group on untarred program
redhat at buglecreek.com
redhat at buglecreek.com
Fri Sep 16 15:47:45 UTC 2005
I untared a program (chkrootkit) as root on a Redhat ES4 system and the
directory it created has the following owner and group:
drwxr-xr-x 2 1000 1000 4096
UID 1000 and GID 1000 does not exist on the system. After I compiled the
source the files in the directory have the following owner and group:
-r--r--r-- 1 1000 1000 3365 Feb 21 2005 ACKNOWLEDGMENTS
-rwxr-xr-x 1 root root 2860 Sep 8 14:48 check_wtmpx
-r--r--r-- 1 1000 1000 7195 Sep 6 2004 check_wtmpx.c
-rwxr-xr-x 1 root root 6144 Sep 8 14:48 chkdirs
-r--r--r-- 1 1000 1000 6781 Sep 6 2004 chkdirs.c
-rwxr-xr-x 1 root root 6656 Sep 8 14:48 chklastlog
-r--r--r-- 1 1000 1000 7730 Nov 16 2004 chklastlog.c
-rwxr-xr-x 1 root root 6768 Sep 8 14:48 chkproc
-r--r--r-- 1 1000 1000 7613 Sep 13 2004 chkproc.c
-rw-r--r-- 1 root root 4603 Sep 8 14:50 chkroot_09_08_05
-rwxr-xr-x 1 1000 wheel 71149 Feb 22 2005 chkrootkit
...
All executables are owned by root but the .c files are UID 1000. Doing
a tar tzvf on the tar ball outputs:
drwxr-xr-x rn/ 0 2005-02-22 07:06:40 chkrootkit-0.45/
-r--r--r-- rn/ 8771 2004-09-06 13:24:56
chkrootkit-0.45/ifpromisc.c
-r--r--r-- rn/ 1343 2004-09-06 13:24:56
chkrootkit-0.45/COPYRIGHT
-r--r--r-- rn/ 6781 2004-09-06 13:24:56
chkrootkit-0.45/chkdirs.c
-r--r--r-- rn/ 7195 2004-09-06 13:24:56
chkrootkit-0.45/check_wtmpx.c
-r--r--r-- rn/ 571 2005-02-21 14:20:46
chkrootkit-0.45/chkrootkit.lsm
...
Why is the owner and group 1000 when that does not exist on the system?
I assume that the user and group ids were from the system that the tar
was made on? Is this the case? Also, what does the rn/ mean in the tar
file?
Thank You
More information about the Redhat-install-list
mailing list