Bug 22341 - /etc/passwd -file corruption
Summary: /etc/passwd -file corruption
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: passwd
Version: 7.0
Hardware: i386
OS: Linux
medium
high
Target Milestone: ---
Assignee: Jindrich Novy
QA Contact: Aaron Brown
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-12-15 11:34 UTC by Need Real Name
Modified: 2013-07-02 22:54 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2004-09-16 10:48:39 UTC
Embargoed:


Attachments (Terms of Use)

Description Need Real Name 2000-12-15 11:34:41 UTC
System I administer:
- RH 7.0 / Intel, updated from RH 6.2
- Shadow passwords are in use
- There are several entries in /etc/passwd having
  UID=0 / GID=0 with different usernames

Damage happened:
all entries having UID=0 and username NOT beginning
with "root[something]" were changed so that the
UID and GID were copied from the entry above.
For example:
--<cut>--
figu:x:531:531:Risto Avila:/home/figu:/bin/bash
bofh:x:0:0:Bastard Operator From Hell:/root:/bin/bash
--<cut>--
was changed to
figu:x:531:531:Risto Avila:/home/figu:/bin/bash
bofh:x:531:531:Bastard Operator From Hell:/root:/bin/bash
--<cut>--
Entries where username was, t.ex "rootbeer", beginning with 
"root" were just as they were supposed to be.

When:
That is unfortunately not clear, and I couldn't reproduce the
problem. The things that I suspect are use of:
"passwd somebody" run as root
"adduser -u 123 -g 123 -d /home/person person"

  
This may be a bit paranoid or caused by some user having the
root priviledges with some other commands, I'm not too sure
everybody's knowhow is high enough to do what they're doing..
But please do something if reports with similar sympthons pop up.

Jarkko Hakala

Comment 1 Jindrich Novy 2004-09-16 10:48:39 UTC
Jarkko, this looks really weird... Anyway I was unable to reproduce
it, if such thing happens to you again using a recent Red Hat release
and is reproducible, please create a new bug. Thanks!

Jindrich


Note You need to log in before you can comment on or make changes to this bug.