[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] "own" user
- Subject: Re: [cobalt-security] "own" user
- From: Marc Soda <msoda@xxxxxxxxx>
- Date: Thu, 11 May 2000 14:20:29 -0400
- Organization: Aspre, Inc.
Calm down everyone, except you Eppelin, you have a problem. Nobody is a normal
user account for some processes, such as httpd, to use. It has no permissions.
Squid is a proxy server. If squid is installed it probably creates that user
to run as. As far as the user 'own' goes. I have never heard of that for
legit process. It sounds like somebody "owned" your box, ie.. hacked. The 0:0
is the user id and group id for root. Nobody should have that but root. It
doesn't look to good, sorry.
On Thu, 11 May 2000, you wrote:
> This type of question begets curiosity so I checked the /etc/passwd on my
> Qube2 and found :
>
> nobody:*:YY:YY:Nobody:/:
>
> and
>
> squid:*:16:Squid Cache:/home/squid
>
> What's up with this stuff? Anyone know?
> ----- Original Message -----
> From: G Eppelin <geppelin@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
> To: <cobalt-security@xxxxxxxxxxxxxxx>
> Sent: Thursday, May 11, 2000 3:27 AM
> Subject: [cobalt-security] "own" user
>
>
> > I found this line in my /etc/passwd file:
> >
> > own:x:0:0::/root:/bin/bash
> >
> > Should this extra root user be there or has something really bad happened?
> >
> > G.
> >
> >
> >
> >
> > _______________________________________________
> > cobalt-security mailing list
> > cobalt-security@xxxxxxxxxxxxxxx
> > http://list.cobalt.com/mailman/listinfo/cobalt-security
> >
>
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
--
Marc Soda
ASPRE, Inc.
msoda@xxxxxxxxx
http://www.aspre.net/
e-Business that works
---------------------------------
The first exclusive e-Business Application Service Provider (ASP)
v. 215.957.2266 Ext. 130
f. 215.957.2277
110 Gibraltar Road, Suite 105
Horsham, PA 19044