
Re: [cobalt-security] "own" user



Calm down everyone, except you Eppelin, you have a problem.  Nobody is a normal
user account for some processes, such as httpd, to use.  It has no permissions.
Squid is a proxy server.  If squid is installed it probably creates that user
to run as.  As far as the user 'own' goes, I have never heard of that for a
legit process.  It sounds like somebody "owned" your box, i.e. hacked.  The 0:0
is the user id and group id for root.  Nobody should have that but root.  It
doesn't look too good, sorry.


On Thu, 11 May 2000, you wrote:
> This type of question begets curiosity so I checked the /etc/passwd on my
> Qube2 and found :
> 
> nobody:*:YY:YY:Nobody:/:
> 
> and
> 
> squid:*:16:Squid Cache:/home/squid
> 
> What's up with this stuff?  Anyone know?
> ----- Original Message -----
> From: G Eppelin <geppelin@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
> To: <cobalt-security@xxxxxxxxxxxxxxx>
> Sent: Thursday, May 11, 2000 3:27 AM
> Subject: [cobalt-security] "own" user
> 
> 
> > I found this line in my /etc/passwd file:
> >
> > own:x:0:0::/root:/bin/bash
> >
> > Should this extra root user be there or has something really bad happened?
> >
> > G.
> >
> > _______________________________________________
> > cobalt-security mailing list
> > cobalt-security@xxxxxxxxxxxxxxx
> > http://list.cobalt.com/mailman/listinfo/cobalt-security
-- 
Marc Soda
ASPRE, Inc.
msoda@xxxxxxxxx
http://www.aspre.net/

e-Business that works
---------------------------------
The first exclusive e-Business Application Service Provider (ASP)

v. 215.957.2266 Ext. 130
f. 215.957.2277

110 Gibraltar Road, Suite 105
Horsham, PA 19044
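
The check discussed in this thread, as an added example that is not part of the original messages: a small audit that flags any UID 0 account other than root and any entry that does not parse as a seven-field passwd(5) line. The function names are illustrative, and the sample input reuses the three entries quoted above plus a constructed root line.

```python
"""Audit passwd-format text for extra UID 0 accounts and malformed entries."""

# Sample input: the three entries quoted in the thread, kept exactly as posted
# ("YY" placeholders, short squid line), plus a constructed root line.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
nobody:*:YY:YY:Nobody:/:
squid:*:16:Squid Cache:/home/squid
own:x:0:0::/root:/bin/bash
"""


def _is_number(value):
    """True only for plain ASCII decimal strings such as '0' or '16'."""
    return value.isascii() and value.isdigit()


def audit_passwd(text):
    """Return a list of (line_number, account, finding) tuples."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        name = fields[0]
        # passwd(5) layout: name:password:UID:GID:GECOS:home:shell
        if len(fields) != 7:
            findings.append(
                (lineno, name, "malformed: %d fields, expected 7" % len(fields)))
            continue
        if not (_is_number(fields[2]) and _is_number(fields[3])):
            findings.append((lineno, name, "malformed: non-numeric UID/GID"))
            continue
        # UID 0 grants full root privileges regardless of the account name.
        if int(fields[2]) == 0 and name != "root":
            findings.append((lineno, name, "UID 0 account other than root"))
        # An empty second field means the account has no password at all.
        if fields[1] == "":
            findings.append((lineno, name, "empty password field"))
    return findings


if __name__ == "__main__":
    for lineno, name, finding in audit_passwd(SAMPLE_PASSWD):
        print("line %d: %s: %s" % (lineno, name, finding))
```

To audit a live system, pass the contents of /etc/passwd to `audit_passwd` instead of the sample string.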