February 8th, 2010, 10:09 PM
Is my ROOT jacked?
I have a strange situation I would like to recount and get some input on.
The short version is that when I run the TAR command with -xvf as root
the extracted files show up in a directory owned by a different user and a
numerical group (500 to be exact). When I attempt to CD into the directory
the system tells me that the directory does not exist. After I chown the dir back to root and chgrp it out of 500 land, I can access the directory just fine.
I have checked the .bash_profile and disconnected the server from ldap using authconfig (this is CENTOS 4 btw) and the problem still persists... This is making me think that something is subverting commands created by root and executing them as another user... how can this be done? I was always under the impression that root is root and no one else.
If I need to post any config files or logs let me know.
By nancy in forum Newbie Security Questions
Last Post: December 11th, 2008, 08:39 AM
By thehorse13 in forum *nix Security Discussions
Last Post: May 15th, 2003, 01:14 PM
By instronics in forum The Security Tutorials Forum
Last Post: January 19th, 2003, 01:53 PM
By R0n1n in forum *nix Security Discussions
Last Post: November 20th, 2002, 02:20 PM
By Nitro in forum The Security Tutorials Forum
Last Post: July 3rd, 2002, 07:37 AM