From owner-freebsd-questions Tue Dec 12 4: 1:33 2000 From owner-freebsd-questions@FreeBSD.ORG Tue Dec 12 04:01:28 2000 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mohegan.mohawk.net (mohegan.mohawk.net [63.66.68.21]) by hub.freebsd.org (Postfix) with ESMTP id 0203237B400; Tue, 12 Dec 2000 04:01:28 -0800 (PST) Received: from mohegan.mohawk.net (mohegan.mohawk.net [63.66.68.21]) by mohegan.mohawk.net (8.9.3/8.9.3) with ESMTP id HAA82996; Tue, 12 Dec 2000 07:08:19 -0500 (EST) (envelope-from rjh@mohawk.net) Date: Tue, 12 Dec 2000 07:08:18 -0500 (EST) From: Ralph Huntington To: Anil Jangity Cc: freebsd-security@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG Subject: Re: Can't remove uid "nobody" files... In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Files owned by user 'nobody' are usually created by the web server (http daemon running as 'nobody') in a world-writable directory that is generally owned by the user who owns the script that causes the files to be written. It's actually rather common, if not good practice (cgi 'wrappers' are a better way, IMO). If the directory is no longer world-writable, you'll need to be root to remove them (or the user who owns the directory in which the files reside). -=r=- On Tue, 12 Dec 2000, Anil Jangity wrote: > IHAU who created some files (don't know how) but I can't seem to remove > them: > > id: > uid=1527(roki) gid=1000(shell) groups=1000(shell) > > > FreeBSD mars 4.2-STABLE FreeBSD 4.2-STABLE #0: Sun Dec 10 > 11:07:18 GMT 2000 root@mars:/src/sys/compile/kernel.mars i386 > > roki@mars: ~/public_html/cgi-bin/UltraBoard/Private/Backups % ls -loa > index.html > -rw-r--r-- 1 nobody shell - 143 Sep 25 22:48 index.html > roki@mars: ~/public_html/cgi-bin/UltraBoard/Private/Backups % pwd > /home/roki/public_html/cgi-bin/UltraBoard/Private/Backups > > > > Two questions: > > 1. How did he create a file with permissions "nobody"? I tried to do the > same and I either get operation not permitted or it really creates the > file with my uid and not as uid nobody. I even tried to tar -cvf up a file > with uid nobody and then tried to extrat it as normal user... just to see > > 2. How do I remove them? (I haven't tried to do it as root... just yet) > > > Thanks in advance. > > PS: When replying please make sure my email address is there - not > subscribed to -questions. > > > Kind regards, > > Anil Jangity (Taos) > anil@taos.com > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message