Setting the sticky bit on /var/mail...
Joe Altman
fj at panix.com
Wed Oct 8 09:05:51 PDT 2003
On Tue, Oct 07, 2003 at 09:13:36PM -0700, Mike Maltese wrote:
> > Absolutely you are correct, and the crowd goes wild with
> > applause...thank you.
> >
>
> Glad it helped. =)
>
> > I suppose it would be nice to know what set all of the following on
> > /var/mail:
> >
> > opaque nodump uappnd uchg uunlnk
> >
> > because it sure wasn't me.
> >
> > Removing them allowed me to set the appropriate bit. Thanks again.
>
> That strikes me as really strange. Any chance another user did this or that
> the box was compromised? It seems to be no small coincidence that all the
> flags you listed are the ones that don't require root privileges.
I never give accounts on my personal machines to people; it is
possible, I suppose, that the box was compromised; but the compromiser
would have to have worked his way in through a LinkSys NAT box that
doesnt' forward anything to that box; additionally, no services are
listening on it: no sshd, no MTA, no inetd, nothing. I dont' even log
in over my LAN...to get to the console or use X, I use a KVM.
The only other account in /var/mail was gdm...it was set to user:group
92. Shrug; I don't know....until last night and your email, I had
mentally glossed over the entry in the chflags and ls man pages
referencing ls -lo...so I don't see any way I could have set those
flags.
More information about the freebsd-questions
mailing list