Re: [gentoo-user] acct-user/man usermod: user 'man' does not exist in /etc/passwd

[Michael <confabulate@kintzios.com>]

[-- Attachment #1: Type: text/plain, Size: 2322 bytes --]

On Thursday, 11 April 2024 12:58:17 BST Dale wrote:
> Michael wrote:
> > On Thursday, 11 April 2024 10:22:59 BST Dale wrote:
> >> I fixed it by commenting out the entry in the passwd file.  It then
> >> created a new entry.  I guess it was set wrong at some point.  Just
> >> looks like emerge would be able to update it tho.  Joost showing my
> >> setting was different gave me the clue that my current entry was wrong.
> >> I was kinda chicken to comment it out or remove it before then.  ;-)
> >> 
> >> Dale
> >> 
> >> :-)  :-)
> > 
> > It begs the question who/what could have changed the root group membership
> > to include the system account 'man'.  This is highly irregular.  Have you
> > looked at your backups to find out when /etc/group was changed last time?
> >  Also emerge.log to find the last time acct-user/man was installed
> > successfully before this error started occurring.
> 
> Well, this has been failing for a while.  It's just that with the
> profile change, I wanted to re-emerge all packages.  I'm sure this one
> hasn't really changed or anything but still, I wanted a clean start. 
> 
> My OS backup updates each week.  So, backups is far to up to date to
> know.  It's what I use to build the binary packages in.  I also
> sometimes experiment as well when some package is giving me grief.  I
> mostly just use the -k option on my main OS. 
> 
> I looked in /usr/share/man, I guess that is where most if not all man
> pages are, and they all appear to be owned by root and group is root. 
> Should they be owned by man?  If possible, can you post the owner and
> group for yours?  I can change mine.  I tested a few man pages, they all
> post fine but I'm usually root anyway.  Works for user dale to tho. 
> 
> Thanks.
> 
> Dale
> 
> :-)  :-) 

The /usr/share/man directory and man pages within it are owned by root:root; 
e.g.

# ls -al /usr/share/man/man8/agetty.8.bz2
-rw-r--r-- 1 root root 7307 Apr  4 10:46 /usr/share/man/man8/agetty.8.bz2

The problem in your case was the system account 'man' had been added to group 
'root'.  This creates a privilege escalation and as such it is suspicious.  
Had you done this by accident and now you corrected it, then hopefully you do 
not need to be unduly worried.  Had someone else done this ... then this 
should be setting off alarm bells.

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 833 bytes --]