Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 22341 - /etc/passwd -file corruption
/etc/passwd -file corruption
Product: Red Hat Linux
Classification: Retired
Component: passwd (Show other bugs)
i386 Linux
medium Severity high
: ---
: ---
Assigned To: Jindrich Novy
Aaron Brown
Depends On:
  Show dependency treegraph
Reported: 2000-12-15 06:34 EST by Need Real Name
Modified: 2013-07-02 18:54 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-09-16 06:48:39 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2000-12-15 06:34:41 EST
System I administer:
- RH 7.0 / Intel, updated from RH 6.2
- Shadow passwords are in use
- There are several entries in /etc/passwd having
  UID=0 / GID=0 with different usernames

Damage happened:
all entries having UID=0 and username NOT beginning
with "root[something]" were changed so that the
UID and GID were copied from the entry above.
For example:
figu:x:531:531:Risto Avila:/home/figu:/bin/bash
bofh:x:0:0:Bastard Operator From Hell:/root:/bin/bash
was changed to
figu:x:531:531:Risto Avila:/home/figu:/bin/bash
bofh:x:531:531:Bastard Operator From Hell:/root:/bin/bash
Entries where username was, t.ex "rootbeer", beginning with 
"root" were just as they were supposed to be.

That is unfortunately not clear, and I couldn't reproduce the
problem. The things that I suspect are use of:
"passwd somebody" run as root
"adduser -u 123 -g 123 -d /home/person person"

This may be a bit paranoid or caused by some user having the
root priviledges with some other commands, I'm not too sure
everybody's knowhow is high enough to do what they're doing..
But please do something if reports with similar sympthons pop up.

Jarkko Hakala
Comment 1 Jindrich Novy 2004-09-16 06:48:39 EDT
Jarkko, this looks really weird... Anyway I was unable to reproduce
it, if such thing happens to you again using a recent Red Hat release
and is reproducible, please create a new bug. Thanks!


Note You need to log in before you can comment on or make changes to this bug.