Problem with user management

Chris racerx at makeworld.com
Wed Jun 20 09:30:30 UTC 2007 

On Wed, 20 Jun 2007 10:42:42 +0200
Darryl LeCount <darryl at jamyskis.net> wrote:


> Anyway, the problem again: About two weeks ago I came back home from a
> weekend away to find a few updates waiting for me. I installed them
> and added a friend so that she could access my computer via SSH. I'm
> using Feisty, for the record. When I tried to add the friend,
> however, I noticed something rather strange. Several things, in fact:
> 
> * Despite the presence of users on the PC (nine of them), not a single
> one was showing up in the list.
> * When I tried to add her to the list nonetheless, it just bombed out.
> * After I tried to load up the applet again, it informed me that I
> didn't have the necessary permissions.
> * I rebooted, and noticed that in my GDM login screen (which has a
> list of users on the system), my name appeared three times. I only
> have two accounts under my name, one for business and one for
> pleasure (obviously with two different usernames)
> * I logged in with my user name and found that I had been stripped of
> my admin rights. I rebooted, went into recovery mode, readded myself
> to the admin group.
> * When I logged back in, admin rights were back. All seemed right with
> the world again. I went back into the users and groups applet to add
> myself to the other groups again. Alas, the users were still not
> listed.
> * I tried adding my friend to the list again, and again, it bombed
> out, thusly stripping me of my admin rights yet again.
> 
> Since then I've left the applet well alone, and for the time being I'm
> making do with using adduser on the command line. However, this
> behaviour is worrying and possibly symptomatic of a larger problem
> (especially with the GDM issues). Since I use my computer for work, I
> really can't afford to have this worry. I'd really like to avoid a
> reinstall of Ubuntu as I simply don't have the time. Are there any
> tests I can carry out to see if there is a fundamental problem with
> the user management? Could it be something with
> my /etc/groups, /etc/shadow or /etc/passwd files? Are there any
> config files that I'm missing here that are involved with user
> management that could be causing this?
> 
> I would appreciate any help anyone can offer on this matter. If you
> need any further information, I'll be happy to give it.
> 
> >> Darryl 
>  

Without more information (who else access this device) can't really
determine much. However, if you have as many as 9 uses setup in it,
it's very possible someone has been "playing" with your OS.

First thin I might do - install chkrootkit and see if someone really
has been "playing" with you.  

Do other things such as review all you log files in /var/logs. With
some luck, if someone has been "playing" one can hope they didn't cover
tracks - and if that's the case, you could find your answer there.

-- 
Best regards,
Chris

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20070620/42a93af1/attachment.sig>

More information about the ubuntu-users mailing list