Strange change system files ownership with shell account creation

Discussion in 'Installation/Configuration' started by SupuS, Nov 16, 2011.

  1. SupuS

    SupuS Member HowtoForge Supporter

    Hi all,

    I have ISPConfig version 3.0.4 installed on an Ubuntu 10.04 server. I created a shell user account with the jailkit option. After that, the ownership of these files changed, and they are now owned by the web user and group:

    # find /etc/ -user webXX -exec ls -l {} \;
    -rw-r--r-- 4 webXX clientX 475 2006-08-28 18:33 /etc/nsswitch.conf
    -rw-r--r-- 4 webXX clientX 2626 2009-12-03 17:11 /etc/protocols
    -rw-r--r-- 4 webXX clientX 34 2010-04-22 19:04 /etc/ld.so.conf
    -rw-r--r-- 3 webXX clientX 26 2011-07-15 15:48 /etc/issue
    -rw-r--r-- 4 webXX clientX 337 2010-09-11 21:06 /etc/jailkit/jk_lsh.ini
    -rw-r--r-- 4 webXX clientX 92 2009-04-27 11:56 /etc/host.conf
    -rw-r--r-- 4 webXX clientX 497 2011-07-19 21:02 /etc/profile
    -rw-r--r-- 4 webXX clientX 2215 2010-03-08 23:37 /etc/vim/vimrc
    -rw-r--r-- 4 webXX clientX 662 2010-03-08 23:51 /etc/vim/vimrc.tiny
    -rw-r--r-- 4 webXX clientX 1979 2010-03-08 22:19 /etc/mc/mc.lib
    -rw-r--r-- 4 webXX clientX 9440 2010-03-08 22:19 /etc/mc/mc.menu
    -rw-r--r-- 4 webXX clientX 17179 2010-03-08 22:19 /etc/mc/mc.ext
    -rw-r--r-- 4 webXX clientX 455 2010-09-11 21:33 /etc/hosts
    -rw-r--r-- 4 webXX clientX 158 2010-03-07 04:33 /etc/terminfo/README
    -rw-r--r-- 4 webXX clientX 61 2010-09-11 19:46 /etc/resolv.conf

    Edit: I found other files which changed ownership:

    # find /bin -user webXX -exec ls -l {} \;
    -rwxr-xr-x 4 webXX clientX 60000 2010-09-21 20:32 /bin/chmod
    -rwxr-xr-x 4 webXX clientX 35216 2010-09-21 20:32 /bin/false
    -rwxr-xr-x 4 webXX clientX 64168 2010-08-17 10:43 /bin/gzip
    -rwxr-xr-x 4 webXX clientX 129320 2010-03-05 04:43 /bin/cpio
    -rwxr-xr-x 4 webXX clientX 6947 2009-11-05 09:51 /bin/lesspipe
    -rwxr-xr-x 4 webXX clientX 60120 2010-09-21 20:32 /bin/dd
    -rwxr-xr-x 4 webXX clientX 64600 2010-03-05 06:33 /bin/fgrep
    -rwxr-xr-x 4 webXX clientX 60064 2010-09-21 20:32 /bin/cat
    -rwxr-xr-x 4 webXX clientX 35216 2010-09-21 20:32 /bin/true
    -rwxr-xr-x 3 webXX clientX 35512 2011-01-20 20:56 /bin/more
    -rwxr-xr-x 4 webXX clientX 149496 2009-11-05 09:52 /bin/less
    -rwxr-xr-x 4 webXX clientX 934336 2010-04-19 04:16 /bin/bash
    -rwxr-xr-x 4 webXX clientX 105688 2010-03-05 06:33 /bin/egrep
    -rwxr-xr-x 4 webXX clientX 191976 2010-02-02 02:30 /bin/nano
    -rwxr-xr-x 4 webXX clientX 68192 2010-09-21 20:32 /bin/date
    -rwxr-xr-x 4 webXX clientX 64 2010-08-17 10:43 /bin/zcat
    -rwxr-xr-x 4 webXX clientX 43600 2010-09-21 20:32 /bin/mkdir
    -rwxr-xr-x 4 webXX clientX 39376 2010-09-21 20:32 /bin/sleep
    -rwxr-xr-x 8 webXX clientX 63 2010-08-17 10:43 /bin/uncompress
    -rwxr-xr-x 4 webXX clientX 97352 2010-09-21 20:32 /bin/mv
    -rwxr-xr-x 4 webXX clientX 64208 2010-09-21 20:32 /bin/rm
    -rwxr-xr-x 4 webXX clientX 69088 2009-12-21 23:38 /bin/sed
    -rwxr-xr-x 4 webXX clientX 39472 2010-09-21 20:32 /bin/pwd
    -rwxr-xr-x 4 webXX clientX 39328 2010-09-21 20:32 /bin/echo
    -rwxr-xr-x 4 webXX clientX 344688 2010-09-20 17:49 /bin/tar
    -rwxr-xr-x 4 webXX clientX 109648 2010-09-21 20:32 /bin/cp
    -rwxr-xr-x 4 webXX clientX 35232 2010-09-21 20:32 /bin/sync
    -rwxr-xr-x 4 webXX clientX 114032 2010-09-21 20:32 /bin/ls
    -rwxr-xr-x 4 webXX clientX 55912 2010-09-21 20:32 /bin/ln
    -rwxr-xr-x 8 webXX clientX 63 2010-08-17 10:43 /bin/gunzip
    -rwxr-xr-x 4 webXX clientX 39392 2010-09-21 20:32 /bin/rmdir
    -rwxr-xr-x 4 webXX clientX 43600 2010-09-21 20:32 /bin/mktemp
    -rwxr-xr-x 4 webXX clientX 60016 2010-09-21 20:32 /bin/touch
    -rwxr-xr-x 4 webXX clientX 113912 2010-03-05 06:33 /bin/grep

    I think this behaviour isn't wanted and it is a huge security problem. Does anybody have the same problem?

    SupuS
     
    Last edited: Nov 16, 2011
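
A check that extends the `find -user` commands in the post above (an added example, not part of the original thread and not ISPConfig or jailkit code). Every file in those listings has a link count greater than 1 (second column of `ls -l`), and all hard-linked names share one inode, so an ownership change made through one name shows on every name. The function names are hypothetical; the script assumes GNU find and that the other names live on the same filesystem as the search root.

```shell
#!/bin/sh
# audit_owner EXPECTED_UID DIR...
# List regular files under DIR... whose owner is not EXPECTED_UID.
# Output columns: owner group link-count inode path (GNU find -printf).
audit_owner() {
    expected_uid=$1; shift
    find "$@" -xdev -type f ! -uid "$expected_uid" \
        -printf '%u %g %n %i %p\n' 2>/dev/null
}

# other_names FILE SEARCH_ROOT...
# Print every other path under SEARCH_ROOT... that is a hard link to FILE.
# Hard links cannot cross filesystems, so -xdev loses nothing.
other_names() {
    target=$1; shift
    find "$@" -xdev -samefile "$target" 2>/dev/null |
        grep -Fxv -- "$target" || true
}

# report EXPECTED_UID SEARCH_ROOT DIR...
# For each mis-owned file, show its link count and where else it is linked.
# Paths containing newlines are not handled.
report() {
    expected_uid=$1; search_root=$2; shift 2
    audit_owner "$expected_uid" "$@" |
    while read -r owner group links inode path; do
        echo "$owner:$group links=$links inode=$inode $path"
        if [ "$links" -gt 1 ]; then
            other_names "$path" "$search_root" |
                sed 's/^/    also linked at: /'
        fi
    done
}

# Usage, run as root (search root "/" is an assumption about where the
# other hard-linked names are):
#   report 0 / /etc /bin
```

The "also linked at" lines show which other directory trees hold names for the same inode, which is where to look for whatever changed the owner.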
  2. till

    till Super Moderator Staff Member ISPConfig Developer
