Invisible user? - SCO

This is a discussion on Invisible user? - SCO ; OSR 5.0.6 # finger bosus finger: bosus: no such user. Scoadmin account does not list this user. Authck -av reports: bosus not in /etc/passwd but in Protected Password database # grep bosus /etc/passwd /etc/shadow /etc/passwd:bosus:x:1732:101:Boswell Useem:/u4/bosus:/bin/sh /etc/group:bosus:HHtp5u0Lyqr7g:13600:: And yes, bosus ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Invisible user?

  1. Invisible user?

    OSR 5.0.6

    # finger bosus
    finger: bosus: no such user.

    Scoadmin account does not list this user.

    Authck -av reports:
    bosus not in /etc/passwd but in Protected Password database

    # grep bosus /etc/passwd /etc/shadow
    /etc/passwd:bosus:x:1732:101:Boswell Useem:/u4/bosus:/bin/sh
    /etc/group:bosus:HHtp5u0Lyqr7g:13600::

    And yes, bosus can log in.

    ???


    --
    JP
    ==> http://www.frappr.com/cusm <==

  2. Re: Invisible user?

    On Wed, 28 Mar 2007 13:43:03 -0400, Jean-Pierre Radley
    wrote:

    >OSR 5.0.6
    >
    ># finger bosus
    >finger: bosus: no such user.
    >
    >Scoadmin account does not list this user.
    >
    >Authck -av reports:
    >bosus not in /etc/passwd but in Protected Password database
    >
    ># grep bosus /etc/passwd /etc/shadow
    >/etc/passwd:bosus:x:1732:101:Boswell Useem:/u4/bosus:/bin/sh
    >/etc/group:bosus:HHtp5u0Lyqr7g:13600::
    >
    >And yes, bosus can log in.
    >
    >???
    >
    >
    >--
    >JP
    > ==> http://www.frappr.com/cusm <==


    What's the system's security profile set to and what, if any, items
    are out of compliance (/tcb/bin/secdefs -v}?

    Has the system ever changed security profiles by the use of the relax
    command? (one would probably have to 'fess up to that; I'm told that's
    not logged anywhere unless audit is running.)

    Does the situation remain after running fixmog?

    Stab in the dark but I've seen funny things happen when security
    profiles are changed after initial installation, especially between
    the traditional & improved profiles.

    DDinAZ



  3. Re: Invisible user?

    Dave Dickerson typed (on Sun, Apr 01, 2007 at 12:06:21AM +0000):
    | On Wed, 28 Mar 2007 13:43:03 -0400, Jean-Pierre Radley
    | wrote:
    |
    | >OSR 5.0.6
    | >
    | ># finger bosus
    | >finger: bosus: no such user.
    | >
    | >Scoadmin account does not list this user.
    | >
    | >Authck -av reports:
    | >bosus not in /etc/passwd but in Protected Password database
    | >
    | ># grep bosus /etc/passwd /etc/shadow
    | >/etc/passwd:bosus:x:1732:101:Boswell Useem:/u4/bosus:/bin/sh
    | >/etc/group:bosus:HHtp5u0Lyqr7g:13600::
    | >
    | >And yes, bosus can log in.
    |
    | What's the system's security profile set to and what, if any, items
    | are out of compliance (/tcb/bin/secdefs -v}?
    |
    | Has the system ever changed security profiles by the use of the relax
    | command? (one would probably have to 'fess up to that; I'm told that's
    | not logged anywhere unless audit is running.)
    |
    | Does the situation remain after running fixmog?
    |
    | Stab in the dark but I've seen funny things happen when security
    | profiles are changed after initial installation, especially between
    | the traditional & improved profiles.

    I don't think the sceurity profile was ever changed from the default at
    installation.

    But now, three days later, that user can be fingered once again.
    The machine was, however, rebooted in the interim.

    --
    JP
    ==> http://www.frappr.com/cusm <==

+ Reply to Thread