Who or what is user 500??

carlos123 · Posted: Sat Mar 08, 2003 11:23 am Post subject: Who or what is user 500??

I have noticed that sometimes I end up with a user by the name of "500" as in the following output...

mvr_rennes · Apprentice Joined: 23 Oct 2002 Posts: 155

try

rtn · Guru Joined: 15 Nov 2002 Posts: 427

Generally, adduser starts with uid 500, so it's likely to be the first account
generated on a system if you use adduser. It's also possible to get files owned
by uid 500 if you untar something that was owned by uid 500.

--rtn

elzbal · Posted: Mon Mar 10, 2003 8:47 pm Post subject:

In this case, it seems likely that the user was created, gained ownership over some files (such as the 'carlos' directory), and was deleted. This would produce the output seen above.

The command 'ls -l' looks up the userid and groupid numbers in the /etc/passwd and /etc/group files, and converts those to more friendly names. In the case where the userid or groupid does not exist in the aforementioned files, it will simply display the userid or groupid numbers themselves.

nephros · Posted: Mon Mar 10, 2003 9:12 pm Post subject:

File listings with UID numbers instead of usernames can also come from packaged files (zip or tar), where the users saved in the package do not exist on the system where it is unpacked.

Therefore, you should always check for this after unpackaging an archive from another machine, as this can be a security hazard.

Imagine user foo (UID 502), member of group root (GID 0) on system A packaging a file:
-rwSrwsr-- foo root script.sh
or
-rwSrwsr-- 502 0 script.sh
User bar unpacking it to /tmp on system B , where UID 502 maps to another user (baz), resulting in:
-rwSrwsr-- baz root script.sh
User bar helped user baz to a SUID root executable lying around in /tmp...
_________________
Please put [SOLVED] in your topic if you are a moron.

elzbal · Posted: Mon Mar 10, 2003 9:20 pm Post subject: