Owner:Group on untarred program
Bob McClure Jr
robertmcclure at earthlink.net
Fri Sep 16 16:46:40 UTC 2005
On Fri, Sep 16, 2005 at 09:47:45AM -0600, redhat at buglecreek.com wrote:
> I untarred a program (chkrootkit) as root on a Redhat ES4 system and the
> directory it created has the following owner and group:
> drwxr-xr-x 2 1000 1000 4096
> UID 1000 and GID 1000 do not exist on the system. After I compiled the
> source the files in the directory have the following owner and group:
> -r--r--r-- 1 1000 1000 3365 Feb 21 2005 ACKNOWLEDGMENTS
> -rwxr-xr-x 1 root root 2860 Sep 8 14:48 check_wtmpx
> -r--r--r-- 1 1000 1000 7195 Sep 6 2004 check_wtmpx.c
> -rwxr-xr-x 1 root root 6144 Sep 8 14:48 chkdirs
> -r--r--r-- 1 1000 1000 6781 Sep 6 2004 chkdirs.c
> -rwxr-xr-x 1 root root 6656 Sep 8 14:48 chklastlog
> -r--r--r-- 1 1000 1000 7730 Nov 16 2004 chklastlog.c
> -rwxr-xr-x 1 root root 6768 Sep 8 14:48 chkproc
> -r--r--r-- 1 1000 1000 7613 Sep 13 2004 chkproc.c
> -rw-r--r-- 1 root root 4603 Sep 8 14:50 chkroot_09_08_05
> -rwxr-xr-x 1 1000 wheel 71149 Feb 22 2005 chkrootkit
> ...
>
> All executables are owned by root but the .c files are UID 1000. Doing
> a tar tzvf on the tar ball outputs:
> drwxr-xr-x rn/ 0 2005-02-22 07:06:40 chkrootkit-0.45/
> -r--r--r-- rn/ 8771 2004-09-06 13:24:56
> chkrootkit-0.45/ifpromisc.c
> -r--r--r-- rn/ 1343 2004-09-06 13:24:56
> chkrootkit-0.45/COPYRIGHT
> -r--r--r-- rn/ 6781 2004-09-06 13:24:56
> chkrootkit-0.45/chkdirs.c
> -r--r--r-- rn/ 7195 2004-09-06 13:24:56
> chkrootkit-0.45/check_wtmpx.c
> -r--r--r-- rn/ 571 2005-02-21 14:20:46
> chkrootkit-0.45/chkrootkit.lsm
> ...
>
> Why are the owner and group 1000 when that does not exist on the
> system?
When you, as root, blow up a tarball, you get the owner- and
group-ships as they were originally recorded.
> I assume that the user and group ids were from the system that the tar
> was made on? Is this the case?
Yes.
In keeping with the principle "do nothing as root that you don't have
to", I always blow up and build tar balls as my mere mortal self, and
then "su -" to root to do the install.
> Also, what does the rn/ mean in the tar
> file?
I don't know.
> Thank You
Cheers,
--
Bob McClure, Jr. Bobcat Open Systems, Inc.
robertmcclure at earthlink.net http://www.bobcatos.com
Peace at any price is inflationary.
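
The ownership behaviour discussed in this thread, as an added example that is not part of the original message: a Python sketch that lists tar members whose recorded UID/GID have no account on the local host, and extracts without restoring the recorded ownership (the effect of GNU tar's --no-same-owner). The archive contents, file names and function names are constructed for illustration; the "rn" user name is assumed from the listing above.

```python
import io, os, pwd, grp, tarfile

def build_sample():
    """Constructed tarball: members recorded as UID/GID 1000, as in the thread."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, data in (("demo-0.1/chkdirs.c", b"int main(void){return 0;}\n"),
                           ("demo-0.1/COPYRIGHT", b"sample\n")):
            ti = tarfile.TarInfo(name)
            ti.size, ti.mode = len(data), 0o444
            ti.uid = ti.gid = 1000           # IDs from the packager's machine
            ti.uname, ti.gname = "rn", ""    # assumed from the listing's "rn/" column
            tf.addfile(ti, io.BytesIO(data))
    return buf.getvalue()

def _exists(lookup, ident):
    try:
        lookup(ident)
        return True
    except KeyError:
        return False

def audit(tar_bytes, uid_exists=None, gid_exists=None):
    """List members whose recorded UID or GID has no account on this host."""
    uid_exists = uid_exists or (lambda u: _exists(pwd.getpwuid, u))
    gid_exists = gid_exists or (lambda g: _exists(grp.getgrgid, g))
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tf:
        return [(m.name, m.uid, m.gid) for m in tf.getmembers()
                if not (uid_exists(m.uid) and gid_exists(m.gid))]

def extract_as_caller(tar_bytes, dest):
    """Extract without restoring recorded ownership, even when run as root."""
    owners = set()
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tf:
        for m in tf.getmembers():
            if m.name.startswith("/") or ".." in m.name.split("/"):
                raise ValueError("unsafe member path: " + m.name)
            m.uid, m.gid = os.geteuid(), os.getegid()   # chown target = caller
            m.uname = m.gname = ""           # prevent name-based chown lookups
            tf.extract(m, dest)
            owners.add(os.lstat(os.path.join(dest, m.name)).st_uid)
    return owners                            # set of owner UIDs now on disk

if __name__ == "__main__":
    # With the real passwd/group databases: prints members owned by unknown IDs.
    for name, uid, gid in audit(build_sample()):
        print(f"{name}: recorded owner {uid}:{gid} has no local account")
```

Running the audit before unpacking as root shows which files would end up owned by an ID that a later-created local account could inherit.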