Owner:Group on untarred program

Bob McClure Jr robertmcclure at earthlink.net
Fri Sep 16 16:46:40 UTC 2005 

On Fri, Sep 16, 2005 at 09:47:45AM -0600, redhat at buglecreek.com wrote:
> I untared a program (chkrootkit) as root on a Redhat ES4 system and the
> directory it created has the following owner and group:
>  drwxr-xr-x  2   1000   1000  4096 
> UID 1000 and GID 1000 does not exist on the system. After I compiled the
> source the files in the directory have the following owner and group:
> -r--r--r--  1 1000  1000   3365 Feb 21  2005 ACKNOWLEDGMENTS
> -rwxr-xr-x  1 root root    2860 Sep  8 14:48 check_wtmpx
> -r--r--r--  1 1000  1000   7195 Sep  6  2004 check_wtmpx.c
> -rwxr-xr-x  1 root root    6144 Sep  8 14:48 chkdirs
> -r--r--r--  1 1000  1000   6781 Sep  6  2004 chkdirs.c
> -rwxr-xr-x  1 root root    6656 Sep  8 14:48 chklastlog
> -r--r--r--  1 1000  1000   7730 Nov 16  2004 chklastlog.c
> -rwxr-xr-x  1 root root    6768 Sep  8 14:48 chkproc
> -r--r--r--  1 1000  1000   7613 Sep 13  2004 chkproc.c
> -rw-r--r--  1 root root    4603 Sep  8 14:50 chkroot_09_08_05
> -rwxr-xr-x  1 1000 wheel  71149 Feb 22  2005 chkrootkit
> ...
> 
> All executables are owned by root but the .c files are UID 1000.  Doing
> a tar tzvf on the tar ball outputs:
> drwxr-xr-x rn/               0 2005-02-22 07:06:40 chkrootkit-0.45/
> -r--r--r-- rn/            8771 2004-09-06 13:24:56
> chkrootkit-0.45/ifpromisc.c
> -r--r--r-- rn/            1343 2004-09-06 13:24:56
> chkrootkit-0.45/COPYRIGHT
> -r--r--r-- rn/            6781 2004-09-06 13:24:56
> chkrootkit-0.45/chkdirs.c
> -r--r--r-- rn/            7195 2004-09-06 13:24:56
> chkrootkit-0.45/check_wtmpx.c
> -r--r--r-- rn/             571 2005-02-21 14:20:46
> chkrootkit-0.45/chkrootkit.lsm
> ...
> 
> Why is the owner and group 1000 when that does not exist on the
> system?

When you, as root, blow up a tarball, you get the owner- and
group-ships as they were originally recorded.

> I assume that the user and group ids were from the system that the tar
> was made on?  Is this the case?

Yes.

In keeping with the principle "do nothing as root that you don't have
to", I always blow up and build tar balls as my mere mortal self, and
then "su -" to root to do the install.

> Also, what does the rn/ mean in the tar
> file?

I don't know.

> Thank You

Cheers,
-- 
Bob McClure, Jr.             Bobcat Open Systems, Inc.
robertmcclure at earthlink.net  http://www.bobcatos.com
Peace at any price is inflationary.

More information about the Redhat-install-list mailing list