February 8th, 2010, 09:09 PM
Is my ROOT jacked?
I have a strange situation I would like to recount and get some input on.
The short version is that when I run the TAR command with -xvf as root
the extracted files show up in a directory owned by a different user and a
numerical group (500 to be exact). When I attempt to CD into the directory
the system tells me that the directory does not exist. After I chown the dir back to root and chgrp it out of 500 land, I can access the directory just fine.
I have checked the .bash_profile and disconnected the server from ldap using authconfig (this is CENTOS 4 btw) and the problem still persists... This is making me think that something is subverting commands created by root and executing them as another user... how can this be done? I was always under the impression that root is root and no one else.
If I need to post any config files or logs let me know.
February 9th, 2010, 04:04 PM
Root should not be jacked. You are running "tar" as root instead of a regular user. You activated the safety mechanism which prevents possible damage to the root account.
Originally Posted by insuredjester
use tar -oxvf instead of -xvf. This will always make your files belong to user root and group root.
February 9th, 2010, 07:05 PM
I was building source from a trusted source and figured it was safe to do the deed as root from start to finish... Thanks for the help.
By nancy in forum Newbie Security Questions
Last Post: December 11th, 2008, 07:39 AM
By thehorse13 in forum *nix Security Discussions
Last Post: May 15th, 2003, 12:14 PM
By instronics in forum The Security Tutorials Forum
Last Post: January 19th, 2003, 12:53 PM
By R0n1n in forum *nix Security Discussions
Last Post: November 20th, 2002, 01:20 PM
By Nitro in forum The Security Tutorials Forum
Last Post: July 3rd, 2002, 06:37 AM