Daza Posted April 11, 2004 Share Posted April 11, 2004 Hi, I have a weird problem.. running SunOS 5.8. A few users are added to the system... recently I've had one user come up to me and say that they couldn't access shell and that they got the error message " > Could not chdir to home directory /home/umabh: Permission denied" . I tracked it down... they seem to of (or someone else on the system) have used chown to set the owner to root and the permissions to nothing. Here's a log of it: d--------- 41 root testm 2048 Apr 2 19:02 umabh Now, what i don't understand is ONLY root can chown and i've checked everything. i don't understand how this has been changed without root access... and no looking at the logs the server wasn't hacked or anything. Link to comment Share on other sites More sharing options...
pirokiko Posted April 12, 2004 Share Posted April 12, 2004 Two things worth thinking about, just because something isnt logged, doesnt mean it didnt happen. Its all too easy for skript kiddies to get hold of a root-kit that will turn logging off, or wipe the logs of a certain entry altogether. What exactly does this server do, and is it locked down? Mayb some sort of IDS is needed? The other thing is, are you the only root or root-equivalent, or does someone have your passwords (althought the logs would probably show if root had changed anything... :blink:) Link to comment Share on other sites More sharing options...
Recommended Posts