[Novalug] cant remove ssh. cant even chown it
Peter Larsen
plarsen@famlarsen.homelinux.com
Tue Jul 22 22:02:47 EDT 2008
> Look what happened when i did this:
>
> server1:/usr/sbin# who is 501
> root pts/0 2008-07-22 18:03 (:0.0)
>
Try typing "who is stupid" or "who knows virgnia wolf".. I think you'll
be "amazed" by the answer. It's not telling you what you think it is.
"who" tells you the users who are logged in.
First of all - reinstalling seldom fixes a "bug". So to solve your
problems you don't help yourself by doing reinstalls. You may, as you
have here, make things worse.
Linux has several security features - and with ssh they're pretty heavy.
And no, root cannot just delete everything - that's on purpose.
User 501 would be the second user ever created on your system. If
there's no user id 501 in /etc/passwd it looks like you may have removed
that user. Do a "find / -user 501 -print" and see what files on your
system is owned by that user. Most likely it's been manually deleted
from the user db but it's files are still around on the system.
How did you try to remove ssh? What kind of errors did you get? Did you
ignore them or try to solve them?
What is your distribution, version etc? Before you dig yourself deeper
with trying to manually manage this, it would be better to try to manage
it via your package manager.
--
Peter Larsen <plarsen@famlarsen.homelinux.com>
-----Original Message-----
From: Norman Bird <steelpulsefan@gmail.com>
To: Mike Shade <mshade@mshade.org>
Cc: Novalug <Novalug@calypso.tux.org>
Subject: Re: [Novalug] cant remove ssh. cant even chown it
Date: Tue, 22 Jul 2008 21:16:57 -0400
Look what happened when i did this:
server1:/usr/sbin# who is 501
root pts/0 2008-07-22 18:03 (:0.0)
what does this mean? maybe 501 is root in debian etch.?
On Tue, Jul 22, 2008 at 9:10 PM, Norman Bird <steelpulsefan@gmail.com>
wrote:
no user 501. checked those files just now. good idea though
thanks
On Tue, Jul 22, 2008 at 7:29 PM, Mike Shade <mshade@mshade.org>
wrote:
> -rwxr-xr-x 1 501 root 236457 2008-05-15 07:36 sshd
Why on *earth* is sshd owned by a user? Did you at one
point do a chown -R from / by mistake?
Even more interesting is that it's giving you the UID
instead of a user's name. Do you *have* a user 501?
Check with:
# grep 501 /etc/passwd /etc/shadow /etc/group (as root)
You may also want to run chkrootkit, as this is not
normal ;)
-- Mike
_______________________________________________
Novalug mailing list
Novalug@calypso.tux.org
http://calypso.tux.org/cgi-bin/mailman/listinfo/novalug
_______________________________________________
Novalug mailing list
Novalug@calypso.tux.org
http://calypso.tux.org/cgi-bin/mailman/listinfo/novalug
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.firemountain.net/pipermail/novalug/attachments/20080722/a9ab1074/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://lists.firemountain.net/pipermail/novalug/attachments/20080722/a9ab1074/attachment.asc>
More information about the Novalug
mailing list