Calm down everyone, except you Eppelin, you have a problem. Nobody
is a normal
user account for some processes, such as httpd, to use. It has no
permissions.
Squid is a proxy server. If squid is installed it probably creates that user
to run as. As far as the user 'own' goes. I have never heard of that for
legit process. It sounds like somebody "owned" your box, ie..
hacked. The 0:0
is the user id and group id for root. Nobody should have that but root. It
doesn't look to good, sorry.
On Thu, 11 May 2000, you wrote:
This type of question begets curiosity so I checked the /etc/passwd on my
Qube2 and found :
nobody:*:YY:YY:Nobody:/:
and
squid:*:16:Squid Cache:/home/squid
What's up with this stuff? Anyone know?
----- Original Message -----
From: G Eppelin <geppelin@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Thursday, May 11, 2000 3:27 AM
Subject: [cobalt-security] "own" user
> I found this line in my /etc/passwd file:
>
> own:x:0:0::/root:/bin/bash
>
> Should this extra root user be there or has something really bad happened?
>
> G.
>
>
>
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security
--
Marc Soda
ASPRE, Inc.
msoda@xxxxxxxxx
http://www.aspre.net/
e-Business that works
---------------------------------
The first exclusive e-Business Application Service Provider (ASP)
v. 215.957.2266 Ext. 130
f. 215.957.2277
110 Gibraltar Road, Suite 105
Horsham, PA 19044
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security