Bug#315071: Results to your question
Hi,

See below:

# getent group adm
adm:x:4:root,adm,daemon

And:

# ls -l /var/log
total 20384
-rw-r- 1 root adm 43310 Jun 21 16:00 auth.log
-rw-r- 1 root adm 128247 Jun 19 06:47 auth.log.0
-rw-r- 1 root adm 10318 Jun 12 06:47 auth.log.1.gz
-rw-r- 1 root adm 9508 Jun 5 06:47 auth.log.2.gz
-rw-r- 1 root adm 12475 May 29 06:47 auth.log.3.gz
-rw-r--r-- 1 root root 9838 May 3 17:43 base-config.log.1
-rw-r--r-- 1 root root 384 May 3 17:43 base-config.timings.1
-rw-rw-r-- 1 root utmp 0 Jun 1 06:25 btmp
-rw-rw-r-- 1 root utmp 384 May 22 15:57 btmp.1
drwxr-xr-x 2 clamav clamav 4096 Jun 19 06:25 clamav
-rw-r- 1 root adm 479384 Jun 21 16:15 daemon.log
-rw-r- 1 root adm 2017570 Jun 21 06:24 daemon.log.0
-rw-r- 1 root adm 57638 Jun 19 06:24 daemon.log.1.gz
-rw-r- 1 root adm 71562 Jun 17 06:24 daemon.log.2.gz
-rw-r- 1 root adm 122795 Jun 16 06:23 daemon.log.3.gz
-rw-r- 1 root adm 87333 Jun 14 06:25 daemon.log.4.gz
-rw-r- 1 root adm 24716 Jun 12 06:45 daemon.log.5.gz
-rw-r- 1 root adm 81834 Jun 11 06:24 daemon.log.6.gz
drwxr-xr-x 2 root root 4096 Jun 16 10:14 dcc
-rw-r- 1 root adm 160 Jun 19 16:25 debug
-rw-r- 1 root adm 2512 Jun 9 15:26 debug.0
-rw-r- 1 root adm 248 May 31 16:56 debug.1.gz
-rw-r- 1 root adm 297 May 27 01:55 debug.2.gz
-rw-r- 1 root adm 126 May 19 11:16 debug.3.gz
-rw-r--r-- 1 root root 8841 Jun 7 13:28 dmesg
-rw-r--r-- 1 root root 24072 Jun 21 15:53 faillog
-rw-r--r-- 1 root root 360284 Jan 19 2004 installer.log
-rw-r--r-- 1 root root 43431 Jan 19 2004 installer.timings
-rw-r- 1 root adm 3451 Jun 21 10:11 kern.log
-rw-r- 1 root adm 4677518 Jun 20 21:05 kern.log.0
-rw-r- 1 root adm 298 Jun 14 13:52 kern.log.1.gz
-rw-r- 1 root adm 4236 Jun 9 17:02 kern.log.2.gz
-rw-r- 1 root adm 396 May 31 17:03 kern.log.3.gz
-rw-r- 1 root adm 208 May 26 11:47 kern.log.4.gz
drwxr-xr-x 2 root root 4096 Mar 29 2004 ksymoops
-rw-rw-r-- 1 root utmp 292876 Jun 21 15:53 lastlog
-rw-r--r-- 1 root root 0 Jan 19 2004 lpr.log
drwxrws--- 2 root root 4096 Jun 19 06:47 mail
lrwxrwxrwx 1 root root 22 Jan 20 2004 mail.log - /var/log/mail/mail.log
-rw-r- 1 root adm 4543 Jun 21 16:10 messages
-rw-r- 1 root adm 4682345 Jun 21 06:09 messages.0
-rw-r- 1 root adm 1504 Jun 19 06:25 messages.1.gz
-rw-r- 1 root adm 6856 Jun 12 06:25 messages.2.gz
-rw-r- 1 root adm 2536 Jun 5 06:38 messages.3.gz
-rw-r- 1 root adm 3152 May 29 06:38 messages.4.gz
drwxr-sr-x 2 news news 4096 Jan 19 2004 news
-rw--- 1 root root 24774 Jun 21 09:16 openvpn
-rw--- 1 root root 202 Jun 9 15:25 ppp-connect-errors.1.gz
-rw--- 1 root root 175 May 31 16:56 ppp-connect-errors.2.gz
-rw--- 1 root root 189 May 24 18:33 ppp-connect-errors.3.gz
-rw--- 1 root root 171 May 22 17:11 ppp-connect-errors.4.gz
-rw-r- 1 root adm 2261 Mar 1 2004 setuid.changes
-rw-r- 1 root adm 849 Feb 27 2004 setuid.changes.0
-rw-r- 1 root adm 363 Feb 26 2004 setuid.changes.1.gz
-rw-r- 1 root adm 337 Feb 25 2004 setuid.changes.2.gz
-rw-r- 1 root adm 208 Feb 24 2004 setuid.changes.3.gz
-rw-r- 1 root adm 463 Feb 23 2004 setuid.changes.4.gz
-rw-r- 1 root adm 213 Feb 22 2004 setuid.changes.5.gz
-rw-r- 1 root adm 207 Feb 21 2004 setuid.changes.6.gz
-rw-r- 1 root adm 463518 Mar 1 2004 setuid.today
-rw-r- 1 root adm 463518 Feb 27 2004 setuid.yesterday
-rw-r- 1 root adm 497972 Jun 21 16:15 syslog
-rw-r- 1 root adm 5714380 Jun 21 06:25 syslog.0
-rw-r- 1 root adm 71445 Jun 20 06:25 syslog.1.gz
-rw-r- 1 root adm 29879 Jun 19 06:25 syslog.2.gz
-rw-r- 1 root adm 30894 Jun 18 06:25 syslog.3.gz
-rw-r- 1 root adm 79468 Jun 17 06:25 syslog.4.gz
-rw-r- 1 root adm 69985 Jun 16 06:25 syslog.5.gz
-rw-r- 1 root adm 74408 Jun 15 06:25 syslog.6.gz
-rw-r- 1 root adm 0 Apr 24 06:47 user.log
-rw-r- 1 root adm 143 Apr 20 14:54 user.log.0
-rw-r- 1 root adm 96 Dec 15 2004 user.log.1.gz
-rw-r- 1 root adm 96 Oct 20 2004 user.log.2.gz
-rw-r- 1 root adm 95 Oct 6 2004 user.log.3.gz
-rw-r- 1 root adm 0 Mar 7 2004 uucp.log
-rw-r- 1 root adm 309 Feb 26 2004 uucp.log.0
-rw-rw-r-- 1 root utmp 21120 Jun 17 10:52 wtmp
-rw-rw-r-- 1 root utmp 17280 May 31 17:06 wtmp.1

Hope this helps debug the issue.

--
Noam Rathaus
Bug#315071: [Logcheck-devel] Bug#315071: Results to your question
tags 315071 moreinfo
thanks

On Tue, 21 Jun 2005, Noam Rathaus wrote:
> See below:
>
> # getent group adm
> adm:x:4:root,adm,daemon

ok strange.
because of the failure i didn't expect logcheck there anyway.
but all my debian systems just show
$ getent group adm
adm:x:4:logcheck

are you using ldap or any other fancy group db backend?

also what does this cmd run as root show:
# adduser logcheck adm

are you using selinux or any other security tool,
which disable root capabilities?

thanks for your feedback - hope we can nail that down.

--
maks
Bug#315071: [Logcheck-devel] Bug#315071: Results to your question
Hi,

On Tue June 21 2005 17:18, maximilian attems wrote:
> tags 315071 moreinfo
> thanks
>
> On Tue, 21 Jun 2005, Noam Rathaus wrote:
> > See below:
> >
> > # getent group adm
> > adm:x:4:root,adm,daemon
>
> ok strange.
> because of the failure i didn't expect logcheck there anyway.
> but all my debian systems just show
> $ getent group adm
> adm:x:4:logcheck
>
> are you using ldap or any other fancy group db backend?

Nope.

> also what does this cmd run as root show:
> # adduser logcheck adm

# adduser logcheck adm
Adding user `logcheck' to group `adm'...
gpasswd: unknown user adm
adduser: `/usr/bin/gpasswd -M root,adm,daemon,logcheck adm' returned error code 1. Aborting.
Cleaning up.

> are you using selinux or any other security tool,
> which disable root capabilities?

Nope.

> thanks for your feedback - hope we can nail that down.
>
> --
> maks

--
Noam Rathaus
CTO Beyond Security Ltd.
http://www.beyondsecurity.com
http://www.securiteam.com
Bug#315071: [Logcheck-devel] Bug#315071: Results to your question
On Tue, 21 Jun 2005, Noam Rathaus wrote:

snipp
> > also what does this cmd run as root show:
> > # adduser logcheck adm
>
> # adduser logcheck adm
> Adding user `logcheck' to group `adm'...
> gpasswd: unknown user adm
> adduser: `/usr/bin/gpasswd -M root,adm,daemon,logcheck adm' returned error code 1. Aborting.
> Cleaning up.

ok so without quiet nothing really new.

what are the permissions of your group file:
# ls -l /etc/group
# lsattr /etc/group

what is your root fs mounted on?
following output:
$ mount

thanks again for your feedback.

--
maks
Bug#315071: [Logcheck-devel] Bug#315071: Results to your question
On Tue, 21 Jun 2005, Noam Rathaus wrote:
> See below:
>
> # getent group adm
> adm:x:4:root,adm,daemon

ok guess it's bug #284688 from adduser.

what does cmd return?
$ getent passwd adm

adm is not a user on none of my running Sarge system.
that means that doesn't return anything.
don't know why it was added to your /etc/group

could you please hand-edit it (if above's assumption is correct)
the adm line should look like that:
adm:x:4:root,daemon

then please rerun:
# adduser logcheck adm

with your adm line i could reproduce your error.
i guess we should reassign and merge that bug with above's.

thanks for a confirmation.

--
maks
Bug#315071: [Logcheck-devel] Bug#315071: Results to your question
On Tue June 21 2005 18:10, maximilian attems wrote:
> On Tue, 21 Jun 2005, Noam Rathaus wrote:
>
> snipp
> > > also what does this cmd run as root show:
> > > # adduser logcheck adm
> >
> > # adduser logcheck adm
> > Adding user `logcheck' to group `adm'...
> > gpasswd: unknown user adm
> > adduser: `/usr/bin/gpasswd -M root,adm,daemon,logcheck adm' returned error code 1. Aborting.
> > Cleaning up.
>
> ok so without quiet nothing really new.
>
> what are the permissions of your group file:
> # ls -l /etc/group

# ls -l /etc/group
-rw-r--r-- 1 root root 987 Jun 21 17:37 /etc/group

> # lsattr /etc/group

# lsattr /etc/group
- /etc/group

> what is your root fs mounted on?
> following output:
> $ mount

# mount
/dev/hda1 on / type ext3 (rw,errors=remount-ro)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)

> thanks again for your feedback.
>
> --
> maks

--
Noam Rathaus
CTO Beyond Security Ltd.
http://www.beyondsecurity.com
http://www.securiteam.com
Bug#315071: [Logcheck-devel] Bug#315071: Results to your question
On Tue June 21 2005 18:34, maximilian attems wrote:
> On Tue, 21 Jun 2005, Noam Rathaus wrote:
> > See below:
> >
> > # getent group adm
> > adm:x:4:root,adm,daemon
>
> ok guess it's bug #284688 from adduser.
>
> what does cmd return?
> $ getent passwd adm

# getent passwd adm
(Nothing)

> adm is not a user on none of my running Sarge system.
> that means that doesn't return anything.
> don't know why it was added to your /etc/group
>
> could you please hand-edit it (if above's assumption is correct)
> the adm line should look like that:
> adm:x:4:root,daemon

I had this entry:
adm:x:4:root,adm,daemon

I replaced it with yours

> then please rerun:
> # adduser logcheck adm

And it worked.

> with your adm line i could reproduce your error.
> i guess we should reassign and merge that bug with above's.
>
> thanks for a confirmation.
>
> --
> maks

Thanks :)

--
Noam Rathaus
CTO Beyond Security Ltd.
http://www.beyondsecurity.com
http://www.securiteam.com
Bug#315071: [Logcheck-devel] Bug#315071: Results to your question
tags 315071 -moreinfo
retitle 315071 adduser user group fails with group record of nonexitant user
reassign 315071 adduser
merge 315071 284688
thanks

On Tue, 21 Jun 2005, Noam Rathaus wrote:

snipp
> # getent passwd adm
> (Nothing)
>
> > adm is not a user on none of my running Sarge system.
> > that means that doesn't return anything.
> > don't know why it was added to your /etc/group
> >
> > could you please hand-edit it (if above's assumption is correct)
> > the adm line should look like that:
> > adm:x:4:root,daemon
>
> I had this entry:
> adm:x:4:root,adm,daemon
>
> I replaced it with yours
>
> > then please rerun:
> > # adduser logcheck adm
>
> And it worked.

snipp
> Thanks :)

reassigning bug to corresponding package.
thanks for your cooperation. :)

--
maks
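
Added example, not part of the thread and not code from adduser or logcheck: the failure above came from a group line naming a member ("adm") that has no passwd entry, so this sketch lists every such dangling member by comparing a group file against a passwd file. The function name, the demo and its passwd entries are constructed for illustration; it reads plain files only, so on a host with local accounts you would pass /etc/group and /etc/passwd.

```shell
#!/bin/sh
# Added example: report group members that have no passwd entry.
# Usage: find_dangling_members GROUP_FILE PASSWD_FILE
# Output: one "group:member" line per member missing from PASSWD_FILE.
find_dangling_members() {
    awk -F: '
        # First argument is the passwd(5) file: remember every login name.
        FILENAME == ARGV[1] { users[$1] = 1; next }
        # Second argument is the group(5) file: field 4 is the member list.
        $4 != "" {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++)
                if (members[i] != "" && !(members[i] in users))
                    print $1 ":" members[i]
        }
    ' "$2" "$1"
}

# Constructed sample data: the adm line is the one reported in this thread,
# the passwd entries are made up for the demonstration.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'daemon:x:1:1:daemon:/usr/sbin:/bin/sh' \
        'logcheck:x:104:104::/var/lib/logcheck:/bin/false' > "$tmp/passwd"
    printf '%s\n' \
        'root:x:0:' \
        'adm:x:4:root,adm,daemon' \
        'utmp:x:43:' > "$tmp/group"
    find_dangling_members "$tmp/group" "$tmp/passwd"
    rm -rf "$tmp"
}

demo
```

An empty result means every listed member resolves, which is the state the hand-edited adm line (adm:x:4:root,daemon) restores.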