LinuxQuestions.org
Old 04-04-2012, 04:31 AM   #1
newbie14
Member
 
Registered: Sep 2011
Posts: 470

Rep: Reputation: Disabled
The right command to check on all the users and their permissions?


Dear All,
We have a CentOS 6 server and would like to know which is the right command that tells us all the relevant users and their permissions?
 
Old 04-04-2012, 04:54 AM   #2
jhwilliams
Senior Member
 
Registered: Apr 2007
Location: Portland, OR
Distribution: Debian, Android, LFS
Posts: 1,168

Rep: Reputation: 210
To display status of all users:

Code:
sudo passwd -a -S
To show a list of "real" (non-system) users and their group memberships:

Code:
awk -F\: '{ if ($3 >= 1000 && $3 < 65534) print $1 }' /etc/passwd | xargs groups
Otherwise, users themselves don't have permissions, files have permissions, which map to the users and groups.
 
Old 04-04-2012, 10:41 AM   #3
newbie14
Member
 
Registered: Sep 2011
Posts: 470

Original Poster
Rep: Reputation: Disabled
Dear William,
I tried this. Can people hack into our system via the second list of users?


Quote:
sudo passwd -a -S
passwd: bad argument -a: unknown option
This one provides some results.


Quote:
awk -F\: '{ if ($3 >= 1000 && $3 < 65534) print $1 }' /etc/passwd | xargs groups
root bin daemon sys adm disk wheel
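
The awk filter above hard-codes UID 1000, but CentOS 6 assigns regular accounts from the UID_MIN in /etc/login.defs (500 by default), and when the filter matches nothing GNU xargs still runs `groups` once with no arguments, which prints the invoking user's own groups. An added shell example (not from the thread; the function names are hypothetical) that reads the range from login.defs and uses `xargs -r`:

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Print a numeric setting (e.g. UID_MIN) from login.defs, or the fallback
# when the file is unreadable or the key is absent or commented out.
defs_value() {   # usage: defs_value KEY FALLBACK [FILE]
    defs_file=${3:-/etc/login.defs}
    [ -r "$defs_file" ] || { echo "$2"; return 0; }
    awk -v key="$1" -v fallback="$2" '
        $1 == key && $2 ~ /^[0-9]+$/ { value = $2 }
        END { print (value == "" ? fallback : value) }
    ' "$defs_file"
}

# List account names whose UID lies in the distribution's regular-user range.
list_regular_users() {   # usage: list_regular_users [PASSWD] [LOGIN_DEFS]
    passwd_file=${1:-/etc/passwd}
    uid_min=$(defs_value UID_MIN 1000 "${2:-/etc/login.defs}")
    uid_max=$(defs_value UID_MAX 60000 "${2:-/etc/login.defs}")
    awk -F: -v min="$uid_min" -v max="$uid_max" \
        '$3 >= min && $3 <= max { print $1 }' "$passwd_file"
}

# Show each regular user's groups.
#   -r   (GNU xargs) run nothing at all when the list is empty
#   -n1  one account per call, so one bad name does not hide the rest
show_group_memberships() {
    list_regular_users "$@" | xargs -r -n1 groups
}
```

Calling `show_group_memberships` with no arguments reads the live /etc/passwd and /etc/login.defs; an empty result means no account falls in the regular-user range.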
 
Old 04-04-2012, 08:53 PM   #4
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324
It's not entirely clear what you are trying to achieve, but I believe that if you just read the contents of /etc/passwd & /etc/group, that will give you the info you seek.
 
Old 04-04-2012, 09:00 PM   #5
newbie14
Member
 
Registered: Sep 2011
Posts: 470

Original Poster
Rep: Reputation: Disabled
Dear Chrism,
Below is the group. What I am trying to achieve is to see whether there is any zombie user or group created by external attacks.

Code:
kmem:x:9:
wheel:x:10:root
mail:x:12:mail,postfix
uucp:x:14:uucp
man:x:15:
games:x:20:
gopher:x:30:
video:x:39:
dip:x:40:
ftp:x:50:
lock:x:54:
audio:x:63:
nobody:x:99:
users:x:100:
dbus:x:81:
utmp:x:22:
utempter:x:35:
rpc:x:32:
usbmuxd:x:113:
avahi-autoipd:x:170:
desktop_admin_r:x:499:
desktop_user_r:x:498:
floppy:x:19:
vcsa:x:69:
ctapiusers:x:497:
rtkit:x:496:
abrt:x:173:
pegasus:x:65:
cimsrvr:x:500:
cdrom:x:11:
tape:x:33:
dialout:x:18:
apache:x:48:
saslauth:x:76:
postdrop:x:90:
postfix:x:89:
qpidd:x:495:
haldaemon:x:68:haldaemon
ntp:x:38:
mysql:x:27:
avahi:x:70:
rpcuser:x:29:
nfsnobody:x:65534:
pulse:x:494:
pulse-access:x:493:
stapdev:x:492:
stapusr:x:491:
fuse:x:490:
gdm:x:42:
tomcat:x:91:
stap-server:x:155:
webalizer:x:67:
sshd:x:74:
cgred:x:489:
dovecot:x:97:
dovenull:x:488:
sfcb:x:487:root
tcpdump:x:72:
oprofile:x:16:
slocate:x:21:
Below is the passwd.

Code:
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin
usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rtkit:x:499:496:RealtimeKit:/proc:/sbin/nologin
abrt:x:173:173::/etc/abrt:/sbin/nologin
pegasus:x:66:65:tog-pegasus OpenPegasus WBEM/CIM services:/var/lib/Pegasus:/sbin/nologin
cimsrvr:x:498:500:tog-pegasus OpenPegasus WBEM/CIM services:/var/lib/Pegasus:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
saslauth:x:497:76:"Saslauthd user":/var/empty/saslauth:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
qpidd:x:496:495:Owner of Qpidd Daemons:/var/lib/qpidd:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
pulse:x:495:494:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
gdm:x:42:42::/var/lib/gdm:/sbin/nologin
tomcat:x:91:91:Apache Tomcat:/usr/share/tomcat6:/sbin/nologin
webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
dovecot:x:97:97:Dovecot IMAP server:/usr/libexec/dovecot:/sbin/nologin
dovenull:x:494:488:Dovecot's unauthorized user:/usr/libexec/dovecot:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
oprofile:x:16:16:Special user account to be used by OProfile:/home/oprofile:/sbin/nologin
 
Old 04-04-2012, 09:16 PM   #6
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324
Quote:
What I am trying to achieve is to see whether there is any zombie user or group created by external attacks.
To do that you need to know what should be there; that's the admin's job.
You can't (usually) just point to a random entry and say that's definitely 'bad' just by the name alone.
What you should have is backups going back some time; extracting the same files and looking for changes may give some hints, but ultimately the admin needs to know (i.e. keep track of) what has been installed, incl. users.
There's no easy answer...

See also the Security forum here and the rkhunter, chkrootkit tools, etc.
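
The backup comparison described in this post, as an added shell example that is not part of the thread: it diffs a passwd file restored from backup against the current one and reports added, removed and altered accounts plus any second UID 0 account. The function names, file names and sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): diff a passwd file restored from
# backup against the current one and print what needs explaining.

audit_passwd() {   # usage: audit_passwd BASELINE CURRENT
    awk -F: '
        FILENAME == ARGV[1] { uid[$1] = $3; shell[$1] = $7; line[$1] = $0; next }
        { seen[$1] = 1 }
        $3 == 0 && $1 != "root" { print "UID0 " $1 ": extra account with UID 0" }
        !($1 in line)   { print "NEW " $1 ": uid=" $3 " shell=" $7; next }
        uid[$1] != $3   { print "UIDCHG " $1 ": " uid[$1] " -> " $3 }
        shell[$1] != $7 { print "SHELLCHG " $1 ": " shell[$1] " -> " $7 }
        line[$1] != $0 && uid[$1] == $3 && shell[$1] == $7 {
            print "CHANGED " $1 ": other fields differ" }
        END { for (n in line) if (!(n in seen)) print "REMOVED " n }
    ' "$1" "$2" | LC_ALL=C sort
}

# Constructed sample data: a baseline and a "current" file with four planted
# differences. The accounts toor and support are invented for the demo.
demo_audit() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd.baseline" <<'EOF'
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
EOF
    cat > "$tmp/passwd.current" <<'EOF'
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/bin/bash
games:x:12:100:games:/usr/games:/sbin/nologin
toor:x:0:0::/root:/bin/bash
support:x:501:501::/home/support:/bin/bash
EOF
    audit_passwd "$tmp/passwd.baseline" "$tmp/passwd.current"
    rm -rf "$tmp"
}
```

Every reported line is something to check against install and change records, not proof of compromise by itself; a package installed since the backup also shows up as NEW.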
 
Old 04-04-2012, 09:34 PM   #7
newbie14
Member
 
Registered: Sep 2011
Posts: 470

Original Poster
Rep: Reputation: Disabled
Dear Chrism,
OK, thank you. I should post in the security forum then.
 
Old 04-05-2012, 01:38 AM   #8
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324
Rather than duplicate, use the Report button to ask the Mods to move this over.
 
  

