Mailing List Archive: Ownership of "/etc"

Ownership of "/etc"

Jul 22, 2002, 7:10 AM

Post #1 of 3 (1229 views)

On both our new filers, running 6.1.2R1, I have just noticed that the
ownership of its "/vol/vol0/etc" belongs, not to the expected "root", but
to an apparently arbitrary uid "20041" (gid "30").

Fortunately:
(a) we have not allocated that uid to anyone;
(b) I think the only machine to which "/etc" would be user-accessible
(a Solaris UNIX box fro our user admin.) can have access restrictions
to prevent telnet/ssh-like user-access.

Nevertheless, it does seem a little worrying (correction, potentially very
worrying) that this critical "/etc" directory is owned by an ordinary
user. (Just suppose this October's student intake allocates that uid to
someone who likes exploring...)

All the contents of "/etc" are root-owned, except for a subdirectory
called "java" and within that some (not all) of its contents:

drwxr-xr-x 3 20041 30 4096 Jun 11 08:11 .
drwxr-xr-x 20 20041 30 65536 Jul 22 14:53 ..
-rwxr-xr-x 1 root other 1912820 Jan 9 2002 .jitcache.db
-rw-r--r-- 1 root root 1912820 May 14 14:05 .jitcache.db.saved
-rwxr-xr-x 2 root other 8844945 Jan 8 2002 classes.zip
-rwxr-xr-x 2 root other 8844945 Jan 8 2002 classes.zip-inuse
-rw-r--r-- 1 20041 30 238737 Oct 13 2000 crysec.zip
-rw-rw-r-- 1 root root 139895 Jun 14 00:35 jit.log
-rw-r--r-- 1 20041 30 505097 Oct 13 2000 jsafe.zip
drwxr-xr-x 3 root root 4096 May 14 14:05 lib
-rwxr-xr-x 2 root other 1422554 Jan 8 2002 netapp.zip
-rwxr-xr-x 2 root other 1422554 Jan 8 2002 netapp.zip-inuse
-rw-r--r-- 1 20041 30 217093 Oct 13 2000 phaos.zip
-rwxr-xr-x 2 root other 1942824 Jan 8 2002 redshift.zip
-rwxr-xr-x 2 root other 1942824 Jan 8 2002 redshift.zip-inuse
-rw-r--r-- 1 20041 30 113216 Oct 13 2000 secureadmin.zip
-rwxr-xr-x 2 root other 139753 Jan 8 2002 servlet.zip
-rwxr-xr-x 2 root other 139753 Jan 8 2002 servlet.zip-inuse

Is this general, affecting other sites, or does it suggest that something
peculiar happened at our installation?

I understand that, since site installation, we have had something added:
from memory, I think it was "Secure FilerView", but I may be wrong, and
the local person who oversaw this is currently away.

Any comments, anyone?

--

: David Lee I.T. Service :
: Systems Programmer Computer Centre :
: University of Durham :
: http://www.dur.ac.uk/t.d.lee/ South Road :
: Durham :
: Phone: +44 191 374 2882 U.K. :

Re: Ownership of "/etc" [ In reply to ]

brilong at cisco

Jul 22, 2002, 8:05 AM

Post #2 of 3 (1213 views)

Permalink

> On both our new filers, running 6.1.2R1, I have just noticed that the
> ownership of its "/vol/vol0/etc" belongs, not to the expected "root", but
> to an apparently arbitrary uid "20041" (gid "30").

David,

Of my 9 local filers running 6.1.2R1, all of them have /etc owned by root.
I'm not running Secure Filerview. These were all upgraded from 5.3.7R3 in
the past 2 months.

/Brian/
--
Brian Long | | |
Americas IT Hosting Sys Admin | .|||. .|||.
Phone: (919) XXX-XXXX | ..:|||||||:...:|||||||:..
Pager: (888) XXX-XXXX | C i s c o S y s t e m s

Re: Ownership of "/etc" [ In reply to ]

cet1 at cus

Jul 22, 2002, 9:34 AM

Post #3 of 3 (1212 views)

Permalink

t.d.lee@durham.ac.uk (David Lee) writes:
[...]
>
> I understand that, since site installation, we have had something added:
> from memory, I think it was "Secure FilerView", but I may be wrong, and
> the local person who oversaw this is currently away.

It looks to me as if the files affected are exactly those associated with
that product. The fact that /etc and /etc/java also have the changed uid
and gid is just what one would expect if the thing came as a tar file to
be unpacked as root (without the 'o' option), and it contained those settings.

Have you still got the tar file (if that's what it is)? You could "tar -t"
it to see if the 20041/30 uid/gid's are there.

Anyone from NetApp prepared to say who uid 20041 is there? :-)

Chris Thompson
Email: cet1 [at] cam.ac.uk