On both our new filers, running 6.1.2R1, I have just noticed that the ownership of its "/vol/vol0/etc" belongs, not to the expected "root", but to an apparently arbitrary uid "20041" (gid "30").
Fortunately: (a) we have not allocated that uid to anyone; (b) I think the only machine to which "/etc" would be user-accessible (a Solaris UNIX box for our user admin.) can have access restrictions to prevent telnet/ssh-like user-access.
Nevertheless, it does seem a little worrying (correction, potentially very worrying) that this critical "/etc" directory is owned by an ordinary user. (Just suppose this October's student intake allocates that uid to someone who likes exploring...)
All the contents of "/etc" are root-owned, except for a subdirectory called "java" and within that some (not all) of its contents:
drwxr-xr-x 3 20041 30 4096 Jun 11 08:11 .
drwxr-xr-x 20 20041 30 65536 Jul 22 14:53 ..
-rwxr-xr-x 1 root other 1912820 Jan 9 2002 .jitcache.db
-rw-r--r-- 1 root root 1912820 May 14 14:05 .jitcache.db.saved
-rwxr-xr-x 2 root other 8844945 Jan 8 2002 classes.zip
-rwxr-xr-x 2 root other 8844945 Jan 8 2002 classes.zip-inuse
-rw-r--r-- 1 20041 30 238737 Oct 13 2000 crysec.zip
-rw-rw-r-- 1 root root 139895 Jun 14 00:35 jit.log
-rw-r--r-- 1 20041 30 505097 Oct 13 2000 jsafe.zip
drwxr-xr-x 3 root root 4096 May 14 14:05 lib
-rwxr-xr-x 2 root other 1422554 Jan 8 2002 netapp.zip
-rwxr-xr-x 2 root other 1422554 Jan 8 2002 netapp.zip-inuse
-rw-r--r-- 1 20041 30 217093 Oct 13 2000 phaos.zip
-rwxr-xr-x 2 root other 1942824 Jan 8 2002 redshift.zip
-rwxr-xr-x 2 root other 1942824 Jan 8 2002 redshift.zip-inuse
-rw-r--r-- 1 20041 30 113216 Oct 13 2000 secureadmin.zip
-rwxr-xr-x 2 root other 139753 Jan 8 2002 servlet.zip
-rwxr-xr-x 2 root other 139753 Jan 8 2002 servlet.zip-inuse
Is this general, affecting other sites, or does it suggest that something peculiar happened at our installation?
I understand that, since site installation, we have had something added: from memory, I think it was "Secure FilerView", but I may be wrong, and the local person who oversaw this is currently away.
Any comments, anyone?
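
Added example (not part of the original post): a small audit of an "ls -la" listing such as the one quoted above, reporting entries not owned by root and directories whose non-root owner can replace what is inside them. The names audit, SAMPLE and LINE are hypothetical, and SAMPLE is a constructed subset of the lines in the post.

```python
import re

# Constructed sample: a subset of the "ls -la" lines quoted in the post.
SAMPLE = """\
drwxr-xr-x 3 20041 30 4096 Jun 11 08:11 .
drwxr-xr-x 20 20041 30 65536 Jul 22 14:53 ..
-rwxr-xr-x 2 root other 8844945 Jan 8 2002 classes.zip
-rw-r--r-- 1 20041 30 238737 Oct 13 2000 crysec.zip
-rw-rw-r-- 1 root root 139895 Jun 14 00:35 jit.log
drwxr-xr-x 3 root root 4096 May 14 14:05 lib
-rw-r--r-- 1 20041 30 113216 Oct 13 2000 secureadmin.zip
"""

# mode, link count, owner, group, size, three date fields, name
LINE = re.compile(
    r"^(?P<mode>[-dl][-rwxsStT]{9})\s+\d+\s+(?P<owner>\S+)\s+(?P<group>\S+)"
    r"\s+\d+\s+\S+\s+\d+\s+\S+\s+(?P<name>.+)$"
)


def audit(listing, trusted_owner="root"):
    """Return (name, issue) pairs for entries that a non-root uid owns or controls."""
    findings = []
    for raw in listing.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip "total N" and blank lines
        mode, owner, name = m["mode"], m["owner"], m["name"]
        if owner == trusted_owner:
            continue
        # ls prints the bare number when the uid has no account on the listing host.
        who = f"unallocated uid {owner}" if owner.isdigit() else f"user {owner}"
        findings.append((name, f"owned by {who}"))
        # Owner write permission on a directory lets that uid unlink or rename
        # any entry in it, including files that are themselves root-owned.
        if mode[0] == "d" and mode[2] == "w":
            findings.append((name, f"{who} can replace entries in this directory"))
    return findings


if __name__ == "__main__":
    for name, issue in audit(SAMPLE):
        print(f"{name}: {issue}")
```

On the sample, "." and ".." are each reported twice (ownership and replaceable contents), which is why a root-owned file inside a directory owned by another uid is still exposed.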