Change uid from user who had uid=0 (but not is root)
Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I'm not aware of, nor have I been able to find, any special significance to "userav".
So it would seem most likely that the usermod command is just checking to see if the user ID is in use, which since that's also root's user ID, naturally it is.
If it were me, I'd bring the system down to the single user state, then manually edit the associated file(s) to restore the ID. Finally, reboot.
HOWEVER, PLEASE NOTE, if I were administering that system, I would want to know how the ID got changed in the first place, and what might be associated with it. Whether it's related to a so-called "root kit", or something legitimate running on the system. Naturally if it's a "root kit" I'd "lock down" the system and check it throughly. If it's something legitimate, I'd be concerned that something might need to be done before changing it back.
IF AND ONLY IF, it's just a matter of getting past the usermod command's objections, then the manual edit and reboot should do it.
I agree with @rigor not that I know anything about server side Linux. though I know if it is being used when your running. you got a get it like he said. Or me with dual boot. I just boot my other Linux and mount the one I need to do something with so whatever process will not be running so I can change it.
perhaps that is why I never really learned the single user mode operation way of doing things.
but diffidently a need to know how it got that way has raised its head. so who ever or how ever it happened can be hopefully prevented from happening again.
Indeed, if that user had uid=0, that user wasroot!
I would therefore speculate that your system has been thoroughly compromised. I can think of no legitimate reason for any other user to have uid=0, and plenty of illegitimate ones.
No, in most systems /etc/passwd is the actual file, and the uid is in the 3rd field.
/etc/passwd is maintained, to be a "well-known data source for compatibility purposes," but it does not contain actual authentication information.
In a "simple standard Linux" setup these days, authentication data is in /etc/shadow, which is protected. So far as I know, it is the true authority. (As it should be.)
In other possible configurations, there might well be no shadow-file: the authority could well be an LDAP (Microsoft OpenDirectory®) server, or Kerberos®, maintained by the corporate security team.
Nevertheless, /etc/passwd and /etc/group are often "maintained" for the benefit of all those existing scripts and other programs that expect to be able to pore through them.
Last edited by sundialsvcs; 04-26-2017 at 08:58 PM.
Indeed, if that user had uid=0, that user wasroot!
I would therefore speculate that your system has been thoroughly compromised. I can think of no legitimate reason for any other user to have uid=0, and plenty of illegitimate ones.
I would agree. I've been a UNIX administrator before and any user, whatever the name, whose id is 0 has root powers. You have a MAJOR problem on your hands.
/etc/passwd is maintained, to be a "well-known data source for compatibility purposes," but it does not contain actual authentication information.
In a "simple standard Linux" setup these days, authentication data is in /etc/shadow, which is protected. So far as I know, it is the true authority. (As it should be.)
There are no numeric UIDs or GIDs in /etc/shadow. That information is in /etc/passwd only. The /etc/shadow file contains just the user names and their associated password and account expiration information.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.