jwwarrenva@gmail.com *nix forums beginner
Joined: 21 Jul 2006
Posts: 1
Posted: Fri Jul 21, 2006 12:24 am
Post subject: Spontaneously changing file ownerships and permissions

Hi,
At the installation where I work, we have several networked Suns,
mostly running Solaris 9, and Windows PCs. Most of the files are on a
networked file server, serving both Unix and Windows. I am just a user
with good Unix skills, not a sysadmin.
Yesterday afternoon, for no apparent reason, all (or almost all) the
Unix files on the server changed to user=root, group=root,
permissions=777. The data seems unchanged. Files on the workstations'
local drives seem OK. We don't have a clue as to what happened,
although suspicion falls on the file server software-- Data on Tap, I
think it is (not sure about that).
We had a backup a couple of days old, and I was able to write a Perl
script which, when run by root, restored the files' users, groups, and
permissions to those from the backup. Everything looked OK. Then a
few hours later everything changed back to root, root, 777.
It's a pretty secure installation, so hacking seems unlikely, although
I suppose it's possible. We have just reached the end of a contract
and our old sysadmins are leaving at the end of the week. Their
replacements are relatively inexperienced. So far, we don't have a
clue as to what is causing the problem.
Any ideas? Ever seen anything like this?
John Warren

Richard B. Gilbert *nix forums Guru
Joined: 21 Feb 2005
Posts: 456
Posted: Fri Jul 21, 2006 12:50 am
Post subject: Re: Spontaneously changing file ownerships and permissions

jwwarrenva@gmail.com wrote:
| Quote: | Hi,
At the installation where I work, we have several networked Suns,
mostly running Solaris 9, and Windows PCs. Most of the files are on a
networked file server, serving both Unix and Windows. I am just a user
with good Unix skills, not a sysadmin.
Yesterday afternoon, for no apparent reason, all (or almost all) the
Unix files on the server changed to user=root, group=root,
permissions=777. The data seems unchanged. Files on the workstations'
local drives seem OK. We don't have a clue as to what happened,
although suspicion falls on the file server software-- Data on Tap, I
think it is (not sure about that).
We had a backup a couple of days old, and I was able to write a Perl
script which, when run by root, restored the files' users, groups, and
permissions to those from the backup. Everything looked OK. Then a
few hours later everything changed back to root, root, 777.
It's a pretty secure installation, so hacking seems unlikely, although
I suppose it's possible. We have just reached the end of a contract
and our old sysadmins are leaving at the end of the week. Their
replacements are relatively inexperienced. So far, we don't have a
clue as to what is causing the problem.
Any ideas? Ever seen anything like this?
John Warren
|
Well hacking seems the likeliest cause of such behavior. Computers
don't just do things like that on their own. Somebody ran a program or
a script that did the dirty deed. It might even have been one of your
soon to be ex sysadmins.

CJT *nix forums Guru Wannabe
Joined: 23 Feb 2005
Posts: 264
Posted: Fri Jul 21, 2006 1:22 am
Post subject: Re: Spontaneously changing file ownerships and permissions

Richard B. Gilbert wrote:
| Quote: | jwwarrenva@gmail.com wrote:
Hi,
At the installation where I work, we have several networked Suns,
mostly running Solaris 9, and Windows PCs. Most of the files are on a
networked file server, serving both Unix and Windows. I am just a user
with good Unix skills, not a sysadmin.
Yesterday afternoon, for no apparent reason, all (or almost all) the
Unix files on the server changed to user=root, group=root,
permissions=777. The data seems unchanged. Files on the workstations'
local drives seem OK. We don't have a clue as to what happened,
although suspicion falls on the file server software-- Data on Tap, I
think it is (not sure about that).
We had a backup a couple of days old, and I was able to write a Perl
script which, when run by root, restored the files' users, groups, and
permissions to those from the backup. Everything looked OK. Then a
few hours later everything changed back to root, root, 777.
It's a pretty secure installation, so hacking seems unlikely, although
I suppose it's possible. We have just reached the end of a contract
and our old sysadmins are leaving at the end of the week. Their
replacements are relatively inexperienced. So far, we don't have a
clue as to what is causing the problem.
Any ideas? Ever seen anything like this?
John Warren
Well hacking seems the likeliest cause of such behavior. Computers
don't just do things like that on their own. Somebody ran a program or
a script that did the dirty deed. It might even have been one of your
soon to be ex sysadmins.
|
.... and it might be in a cron job, so don't be surprised to see it
happen again.
--
The e-mail address in our reply-to line is reversed in an attempt to
minimize spam. Our true address is of the form che...@prodigy.net.

victorfeng1973@yahoo.com *nix forums beginner
Joined: 26 Oct 2005
Posts: 33
Posted: Fri Jul 21, 2006 1:27 am
Post subject: Re: Spontaneously changing file ownerships and permissions

If the hack is internal, based on what you just described, you can
check the cron jobs for root. If there is nothing for root, check
the rest of the other users because they can do sudo. Anyway, you can even
disable everybody's cronjob to see what happens.
After you are done with cronjob, you can just disconnect the box from
the world to narrow down the source of problem.
Regards
Victor

victorfeng1973@yahoo.com *nix forums beginner
Joined: 26 Oct 2005
Posts: 33
Posted: Fri Jul 21, 2006 1:35 am
Post subject: Re: Spontaneously changing file ownerships and permissions

You may use "/etc/init.d/cron stop" to stop cronjob.
Victor

Gary *nix forums addict
Joined: 17 May 2005
Posts: 58
Posted: Fri Jul 21, 2006 10:16 am
Post subject: Re: Spontaneously changing file ownerships and permissions

jwwarrenva@gmail.com wrote:
| Quote: | Hi,
At the installation where I work, we have several networked Suns,
mostly running Solaris 9, and Windows PCs. Most of the files are on a
networked file server, serving both Unix and Windows. I am just a user
with good Unix skills, not a sysadmin.
Yesterday afternoon, for no apparent reason, all (or almost all) the
Unix files on the server changed to user=root, group=root,
permissions=777. The data seems unchanged. Files on the workstations'
local drives seem OK. We don't have a clue as to what happened,
although suspicion falls on the file server software-- Data on Tap, I
think it is (not sure about that).
We had a backup a couple of days old, and I was able to write a Perl
script which, when run by root, restored the files' users, groups, and
permissions to those from the backup. Everything looked OK. Then a
few hours later everything changed back to root, root, 777.
It's a pretty secure installation, so hacking seems unlikely, although
I suppose it's possible. We have just reached the end of a contract
and our old sysadmins are leaving at the end of the week. Their
replacements are relatively inexperienced. So far, we don't have a
clue as to what is causing the problem.
Any ideas? Ever seen anything like this?
John Warren
|
I had a problem like this on one of our webservers when I took a week's
holiday.
The other admin spent 3 days rebuilding the firewalls etc etc etc.
Luckily (for once) this WAS a production server so he couldn't afford to
take it offline and rebuild.
It turns out we had a cron script running every hour that changed
ownership of one htdocs directory. We had lost the contract for that
website so the other admin simply deleted the directory but NOT the cron
job.
Cron not being able to figure this all out simply ran out of the root
directory all the way through every filesystem.
Needless to say I had loads of fun after figuring this out resetting
everything.
At least we had better firewalls after that
HTH
Jim

Casper H.S. Dik *nix forums Guru
Joined: 20 Feb 2005
Posts: 1634
Posted: Fri Jul 21, 2006 12:37 pm
Post subject: Re: Spontaneously changing file ownerships and permissions

"jwwarrenva@gmail.com" <jwwarrenva@gmail.com> writes:
| Quote: | Yesterday afternoon, for no apparent reason, all (or almost all) the
Unix files on the server changed to user=root, group=root,
permissions=777. The data seems unchanged. Files on the workstations'
local drives seem OK. We don't have a clue as to what happened,
although suspicion falls on the file server software-- Data on Tap, I
think it is (not sure about that).
We had a backup a couple of days old, and I was able to write a Perl
script which, when run by root, restored the files' users, groups, and
permissions to those from the backup. Everything looked OK. Then a
few hours later everything changed back to root, root, 777.
It's a pretty secure installation, so hacking seems unlikely, although
I suppose it's possible. We have just reached the end of a contract
and our old sysadmins are leaving at the end of the week. Their
replacements are relatively inexperienced. So far, we don't have a
clue as to what is causing the problem.
Any ideas? Ever seen anything like this?
|
No; looks like a script running AMOK (wrong directory).
Most likely it would be using the chmod/chown programs or possibly
find.
Dtrace would have been easy but that requires Solaris 9.
Check the ctime (ls -lc) of the files and then try to correlate
this with cronjobs.
Casper
--
Expressed in this posting are my opinions. They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.
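
The ctime-to-cron correlation suggested in the post above can be scripted. This is an added example, not code from the thread: it buckets the ctimes of mode-777 files by minute and lists the crontab entries that fire at a given hour and minute. It assumes GNU `stat` and `date`; the function names and the sample crontab are constructed.

```shell
#!/bin/sh
# Added example. Assumes GNU stat/date; on Solaris 9 read ctime with `ls -lc`.

# Print "count epoch" per minute of ctime for mode-777 files under $1,
# busiest minute first. A mass chmod/chown shows up as one large bucket.
ctime_buckets() {
    find "$1" -type f -perm 777 -exec stat -c '%Z' {} + |
        awk '{ b[$1 - $1 % 60]++ } END { for (m in b) printf "%d %d\n", b[m], m }' |
        sort -rn
}

# Busiest minute as "HH MM" in local time, ready to pass to cron_candidates.
busiest_minute() {
    ts=$(ctime_buckets "$1" | awk 'NR == 1 { print $2 }')
    [ -n "$ts" ] && date -d "@$ts" '+%H %M'
}

# Read crontab text on stdin; print entries whose minute and hour fields
# fire at hour $1, minute $2. Handles *, lists (a,b) and ranges (a-b).
cron_candidates() {
    awk -v hh="$1" -v mm="$2" '
    function hit(field, v,    n, parts, i, r) {
        if (field == "*") return 1
        n = split(field, parts, ",")
        for (i = 1; i <= n; i++) {
            if (split(parts[i], r, "-") == 2) {
                if (v >= r[1] + 0 && v <= r[2] + 0) return 1
            } else if (parts[i] + 0 == v) return 1
        }
        return 0
    }
    /^[ \t]*(#|$)/ { next }
    hit($1, mm + 0) && hit($2, hh + 0)'
}

# Constructed sample crontab (not from the thread).
SAMPLE_CRON='# min hour dom mon dow command
10 3 * * * /usr/lib/newsyslog
0 * * * * cd /www/htdocs/oldsite; chown -R www .
30 8-17 * * 1-5 /opt/bin/report'

# A burst of changes at 14:00 points at the hourly job:
printf '%s\n' "$SAMPLE_CRON" | cron_candidates 14 00
```

A recursive change over a large tree spreads across several minutes, so the job start is at or just before the earliest bucket of the burst. Day-of-month, month and day-of-week fields are not checked here.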

Oscar del Rio *nix forums Guru
Joined: 24 Feb 2005
Posts: 385
Posted: Fri Jul 21, 2006 2:01 pm
Post subject: Re: Spontaneously changing file ownerships and permissions

Casper H.S. Dik wrote:
| Quote: | "jwwarrenva@gmail.com" <jwwarrenva@gmail.com> writes:
Yesterday afternoon, for no apparent reason, all (or almost all) the
Unix files on the server changed to user=root, group=root,
permissions=777. The data seems unchanged. Files on the workstations'
No; looks like a script running AMOK (wrong directory).
|
This came up in another thread some time ago...
IMHO, it is a "good thing" that /bin/sh quits if a script
tries to cd to a non-existent directory.
bash and ksh print an error (probably discarded in cron jobs)
but continue running the script probably in the wrong directory,
unless the code actually checks the pwd before proceeding.
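
The failure mode discussed in this thread (a cron job whose target directory was deleted, run by a shell that carries on after a failed `cd`) is shown below beside a hardened form. This is an added example, not code from any post; `unsafe_job`, `safe_job` and `run_demo` are constructed names, and `chmod` stands in for the `chown` of the job described earlier so the demo runs without root.

```shell
#!/bin/sh
# Added example (constructed). Everything happens inside a mktemp sandbox.
# chmod stands in for the chown of the job described in the thread so that
# the demo runs without root.

# Unsafe: the exit status of cd is ignored. In shells that keep going after
# a failed cd, the recursive chmod hits the directory the job started in.
unsafe_job() {
    cd "$1" 2>/dev/null
    chmod -R 777 .
}

# Hardened: give up when the target is missing instead of running elsewhere.
safe_job() {
    cd "$1" 2>/dev/null || { echo "skip: $1 is missing" >&2; return 1; }
    chmod -R 777 .
}

# Run job $1 against a deleted "htdocs" and print the resulting mode string
# of an unrelated file that started out as -rw-------.
run_demo() {
    sandbox=$(mktemp -d) || return 1
    mkdir -p "$sandbox/start/other"
    : > "$sandbox/start/other/file"
    chmod 600 "$sandbox/start/other/file"
    # start/ plays the role of cron's starting directory; htdocs is absent.
    ( cd "$sandbox/start" && "$1" "$sandbox/start/htdocs" ) || true
    ls -l "$sandbox/start/other/file" | cut -c1-10
    rm -rf "$sandbox"
}

echo "unsafe: $(run_demo unsafe_job)"   # bystander file ends up -rwxrwxrwx
echo "safe:   $(run_demo safe_job)"     # bystander file keeps -rw-------
```

Running the job under `set -e`, or passing an absolute path to `chmod`/`chown` instead of `.`, closes the same gap.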