Solved

Can't resolve username: Error looking up username for uid=100

Posted on 2004-08-30
14
955 Views
Last Modified: 2013-12-27
Hi All,

I did the most stupid thing, i went (as root) chmod -R 755 /etc/
and now I can't send mail from normal users. When I tried it in command line, this was the behaviour:
bash-2.03$ mailx Test@test.com
Error looking up username for uid=100
0
Comment
Question by:kalmen
  • 6
  • 5
  • 3
14 Comments
 
LVL 20

Expert Comment

by:tfewster
ID: 11930086
If you have a recent backup of /etc/, restore that to correct all the permissions & suid settings
0
 
LVL 20

Expert Comment

by:tfewster
ID: 11930237
OK, checking on a Solaris 8 system:
- As a matter of urgency, change the permissions on /etc/shadow to 400 (read only for root);  This may fix the sendmail problem as well
0
 
LVL 20

Expert Comment

by:tfewster
ID: 11930339
Also, the chmod will have changed the permissions on the TARGETS of any links in /etc; e.g.

ls -ld wall
lrwxrwxrwx   1 root     root          16 Sep 27  2001 wall -> ../usr/sbin/wall
ls -l /usr/sbin/wall
-r-xr-sr-x   1 root     tty         9872 Jan  6  2000 /usr/sbin/wall
0
 
LVL 1

Author Comment

by:kalmen
ID: 11930718
Thanks man, but do you have any idea how I can get this to work? Mailx?

Thanks.
0
 
LVL 20

Expert Comment

by:tfewster
ID: 11931419
Check the permissions of these files; The mail files & passwd files may need specific permissions for sendmail to check them (Depending on the test, "excessive" permissions may cause failure)

ls -l /usr/bin/mailx
-r-x--s--x   1 root     mail      126880 Dec  7  2001 /usr/bin/mailx

/etc> ls -l mail
-rw-r--r--   1 root     bin          153 Sep 27  2001 Mail.rc
-rw-r--r--   1 root     bin         1201 Sep 27  2001 aliases
-rw-r--r--   1 root     root           0 Sep 27  2001 aliases.dir
-rw-r--r--   1 root     root        1024 Sep 27  2001 aliases.pag
-rw-r--r--   1 root     bin         5266 Feb  9  2003 helpfile
-rw-r--r--   1 root     bin            0 Nov  8  2000 local-host-names
-rw-r--r--   1 root     bin         1829 Sep 27  2001 mailx.rc
-r--r--r--   1 root     bin        33412 Sep 27  2001 main.cf
-rw-r--r--   1 root     other         41 Mar 20  2002 relay-domains
-r--r--r--   1 root     bin        34108 Feb 13  2004 sendmail.cf
lrwxrwxrwx   1 root     root           8 Sep 27  2001 sendmail.hf -> helpfile
-r--r--r--   1 root     bin        34108 Sep 27  2001 subsidiary.cf
-rw-r--r--   1 root     other      35625 Mar 20  2003 subsidiary.cf.new
-rw-r--r--   1 root     bin            5 Nov  8  2000 trusted-users

ls -l passwd
-r--r--r--   1 root     sys          958 Apr 29 12:17 passwd
ls -l group
-rw-r--r--   1 root     sys          278 Jan 20  2004 group



find /etc -exec ls -ld {} \; |awk '$1 ~ /[sSt]/'
-r-sr-xr-x   1 lp       lp           203 Dec 16  1999 ./lp/alerts/printer

find /etc -exec ls -ld {} \; |grep "\-\-\-" |more
prw-------   1 root     root           0 Apr 28 12:33 ./cron.d/FIFO
-rw-------   1 root     sys         5268 Jan 24  2001 ./inet/mipagent.conf-sample
-rw-------   1 root     sys         4983 Jan 24  2001 ./inet/mipagent.conf.fa-sample
-rw-------   1 root     sys         5378 Jan 24  2001 ./inet/mipagent.conf.ha-sample
prw-------   1 root     root           0 Aug 30 13:54 ./saf/zsmon/_pmpipe
prw-------   1 root     root           0 Aug 30 13:54 ./saf/_sacpipe
prw-------   1 root     root           0 Apr 28 12:34 ./saf/_cmdpipe
-r--------   1 root     bin            0 Jan  6  2000 ./security/dev/audio
-r--------   1 root     bin            0 Jan  6  2000 ./security/dev/fd0
-r--------   1 root     bin            0 Jan  6  2000 ./security/dev/sr0
-r--------   1 root     bin            0 Jan  6  2000 ./security/dev/st0
-r--------   1 root     bin            0 Jan  6  2000 ./security/dev/st1
-rw-r-----   1 root     sys          149 Jan  5  2000 ./security/audit_control
-rw-r-----   1 root     sys          188 Jan  5  2000 ./security/audit_user
-rwxr-----   1 root     sys         5339 Jan  6  2000 ./security/audit_warn
-rwxr-----   1 root     sys         4661 Jul 12  2002 ./security/bsmconv
-rwxr-----   1 root     sys         3342 Feb 26  2001 ./security/bsmunconv
Drw-------   1 root     root           0 Sep 27  2001 ./sysevent/syseventconfd_event_service
Drw-------   1 root     root           0 Sep 27  2001 ./sysevent/devfsadm_event_service
Drw-------   1 root     root           0 Sep 27  2001 ./sysevent/sysevent_door
-r--------   1 root     sys          583 Aug 13 08:12 ./shadow
-rw-------   1 root     root           0 Aug 13 08:12 ./.pwd.lock
-rw-------   1 root     sys          494 Sep 27  2001 ./smartcard/.keys
-rw-------   1 root     sys         2206 Sep 27  2001 ./snmp/conf/snmpd.conf
-rw-------   1 root     sys         1402 Jan  6  2000 ./snmp/conf/snmpdx.acl
-rw-------   1 root     sys         1403 Mar 20  2000 ./snmp/conf/mipagent.acl
prw-------   1 root     root           0 Aug 30 13:12 ./initpipe
prw-------   1 root     root           0 Aug 30 13:12 ./utmppipe
-rw-------   1 uucp     uucp         285 Sep 27  2001 ./uucp/Permissions
-rw-------   1 uucp     uucp         825 Sep 27  2001 ./uucp/Systems
-rw-------   1 root     sys         1831 Sep 27  2001 ./ppp/chap-secrets
-rw-------   1 root     sys         1873 Sep 27  2001 ./ppp/pap-secrets
-r--------   1 root     root         583 Jul  8 13:08 ./oshadow
-rw-------   1 root     other         80 Sep 27  2001 ./adsm/DC1TSM4
-rw-------   1 root     other          0 May 25 16:37 ./.group.lock
-rw-------   1 root     other          0 Mar 14  2002 ./.hosts.lock
-r--r-----   1 root     root         832 Mar  4 15:49 ./sudoers
drwxr-x---   2 root     other        512 Jan  3  2003 ./tripwire
-rw-r-----   1 root     other      41137 Jan  3  2003 ./tripwire/twpol.txt


0
 
LVL 1

Author Comment

by:kalmen
ID: 11933777
Hmmm. I don't seem to have much difference between your results and mine. It makes me wonder whther the problem could be caused by outside. I'll look around and let you know what I get.
0
 
LVL 18

Assisted Solution

by:liddler
liddler earned 200 total points
ID: 11940567
use verbose logging on mailx and then truss to examine what the mailx program is doing, you might get a clue to the file it is trying to open
i.e.
mailx -v -v test@test.com

and
truss -fae mailx test@test.com
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 1

Author Comment

by:kalmen
ID: 11951836
I couldn't seem to find anything usefull.

Have a look:

login as: oraleus
oraleus@server.com's password:
Last login: Wed Sep 01 2004 04:12:57 -0400 from 1.1.1.1
You have new mail.
bash: /etc/profile: Permission denied
bash-2.03$ truss -eaf mailx test@test.com
truss: cannot trace set-id or unreadable object file: /bin/mailx

The permissions on mailx are:
bash-2.03$ ls -la /bin/mailx
-r-sr-sr-x   1 0        6         126880 Oct 18  2001 /bin/mailx

0
 
LVL 18

Expert Comment

by:liddler
ID: 11951863
You'll need to be root to run truss.  Can you get root access?

and what was the output of:
mailx -v -v test@test.com
0
 
LVL 20

Expert Comment

by:tfewster
ID: 11953490
>The permissions on mailx are:
>bash-2.03$ ls -la /bin/mailx
>-r-sr-sr-x   1 0        6         126880 Oct 18  2001 /bin/mailx


Note that the system is not resolving UID and GID, otherwise it would display "root  mail" instead of "0  6"
0
 
LVL 18

Expert Comment

by:liddler
ID: 11953598
so check /etc/group /etc/passwd /etc/nsswitch.conf
0
 
LVL 1

Author Comment

by:kalmen
ID: 11957118
Now, as a non root I get:

# ls -la /etc/group
/etc/group: Permission denied

# ls -la /etc/passwd
/etc/passwd: Permission denied

# ls -la /etc/nsswitch.conf
/etc/nsswitch.conf: Permission denied

As root I have:

# ls -la /etc/group
-rwxr-xr-x   1 root     sys          356 Jun 19 03:10 /etc/group

# ls -la /etc/passwd
-r--------   1 root     sys          924 Jun 19 03:10 /etc/passwd

# ls -la /etc/nsswitch.conf
-rwxr-xr-x   1 root     sys         1297 Apr 13 02:05 /etc/nsswitch.conf

Now, for the /etc/ directory, I get:

drwx------  43 root     sys         3584 Aug 31 00:45 etc

So I goto / and:
chmod -fR 755 etc

And your a bloody genious!
Its working, but what is the safe permission for etc?

Thanks.

0
 
LVL 20

Accepted Solution

by:
tfewster earned 300 total points
ID: 11958452
permissions 755 is fine for /etc - All users need read and execute permissions on the directory to be able to look in there.

But you did a chmod -R again - Which is how you got into this problem in the first place?!  At least, you need to check the permissions on /etc/shadow (400) and /etc/passwd (444)
0
 
LVL 1

Author Comment

by:kalmen
ID: 11959455
All taken care of now...
I'd like to thank both of yous for the valuable input.
I used truss with root, and it gave me a very large and detailed information display so I thought I'd put it online and show you the link since it would be rediculous to paste it here... but I said to try the permissions one last time and if it doesn't work, I'd send you the output... it worked though... thanks for everything.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

I promised to write further about my project, and here I am.  First, I needed to setup the Primary Server.  You can read how in this article: Setup FreeBSD Server with full HDD encryption (http://www.experts-exchange.com/OS/Unix/BSD/FreeBSD/A_3660-S…
Why Shell Scripting? Shell scripting is a powerful method of accessing UNIX systems and it is very flexible. Shell scripts are required when we want to execute a sequence of commands in Unix flavored operating systems. “Shell” is the command line i…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now