Date: Wed, 8 Oct 2003 12:05:48 -0400
From: Joe Altman <fj@panix.com>
To: Mike Maltese <mike@pcmedx.com>
Cc: questions@freebsd.org
Subject: Re: Setting the sticky bit on /var/mail...
Message-ID: <20031008160548.GA2781@panix.com>
In-Reply-To: <001801c38d52$8bb4ea30$f4f0a8c0@pcmedx.com>
References: <20031008040013.GA14912@panix.com> <001801c38d52$8bb4ea30$f4f0a8c0@pcmedx.com>

On Tue, Oct 07, 2003 at 09:13:36PM -0700, Mike Maltese wrote:
> > Absolutely you are correct, and the crowd goes wild with
> > applause...thank you.
> >
>
> Glad it helped. =)
>
> > I suppose it would be nice to know what set all of the following on
> > /var/mail:
> >
> > opaque nodump uappnd uchg uunlnk
> >
> > because it sure wasn't me.
> >
> > Removing them allowed me to set the appropriate bit. Thanks again.
>
> That strikes me as really strange. Any chance another user did this or that
> the box was compromised? It seems to be no small coincidence that all the
> flags you listed are the ones that don't require root privileges.

I never give accounts on my personal machines to people; it is possible, I
suppose, that the box was compromised; but the compromiser would have to have
worked his way in through a LinkSys NAT box that doesn't forward anything to
that box; additionally, no services are listening on it: no sshd, no MTA, no
inetd, nothing. I don't even log in over my LAN...to get to the console or use
X, I use a KVM.

The only other account in /var/mail was gdm...it was set to user:group 92.

Shrug; I don't know....until last night and your email, I had mentally glossed
over the entry in the chflags and ls man pages referencing ls -lo...so I don't
see any way I could have set those flags.