From: Michael
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] acct-user/man usermod: user 'man' does not exist in /etc/passwd
Date: Thu, 11 Apr 2024 15:52:04 +0100

On Thursday, 11 April 2024 12:58:17 BST Dale wrote:
> Michael wrote:
> > On Thursday, 11 April 2024 10:22:59 BST Dale wrote:
> >> I fixed it by commenting out the entry in the passwd file. It then
> >> created a new entry. I guess it was set wrong at some point. Just
> >> looks like emerge would be able to update it tho. Joost showing my
> >> setting was different gave me the clue that my current entry was wrong.
> >> I was kinda chicken to comment it out or remove it before then. ;-)
> >>
> >> Dale
> >>
> >> :-) :-)
> >
> > It begs the question who/what could have changed the root group membership
> > to include the system account 'man'. This is highly irregular. Have you
> > looked at your backups to find out when /etc/group was changed last time?
> > Also emerge.log to find the last time acct-user/man was installed
> > successfully before this error started occurring.
>
> Well, this has been failing for a while. It's just that with the
> profile change, I wanted to re-emerge all packages. I'm sure this one
> hasn't really changed or anything but still, I wanted a clean start.
>
> My OS backup updates each week. So, backups is far too up to date to
> know. It's what I use to build the binary packages in. I also
> sometimes experiment as well when some package is giving me grief. I
> mostly just use the -k option on my main OS.
>
> I looked in /usr/share/man, I guess that is where most if not all man
> pages are, and they all appear to be owned by root and group is root.
> Should they be owned by man? If possible, can you post the owner and
> group for yours? I can change mine. I tested a few man pages, they all
> post fine but I'm usually root anyway. Works for user dale too tho.
>
> Thanks.
>
> Dale
>
> :-) :-)

The /usr/share/man directory and man pages within it are owned by root:root;
e.g.

# ls -al /usr/share/man/man8/agetty.8.bz2
-rw-r--r-- 1 root root 7307 Apr 4 10:46 /usr/share/man/man8/agetty.8.bz2

The problem in your case was the system account 'man' had been added to group
'root'. This creates a privilege escalation and as such it is suspicious.

Had you done this by accident and now you corrected it, then hopefully you do
not need to be unduly worried. Had someone else done this ... then this should
be setting off alarm bells.
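The condition described in this thread, a system account listed as a member of group 'root', can be checked for mechanically. The following is an added example, not part of the original message; the function names and the sample group/passwd contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag accounts that hold root-group (GID 0) privileges.
# Function names and sample data are constructed, not from the thread.

# Print "group:member" for every supplementary member of a GID-0 group
# in a group(5) file, skipping names on the comma-separated allow-list
# (second argument, default "root").
gid0_members() {
    group_file=$1
    allow=${2:-root}
    awk -F: -v allow="$allow" '
        BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $3 == 0 && $4 != "" {
            m = split($4, members, ",")
            for (i = 1; i <= m; i++)
                if (!(members[i] in ok)) print $1 ":" members[i]
        }' "$group_file"
}

# Print accounts in a passwd(5) file, other than root itself, whose UID
# or primary GID is 0.
gid0_primary() {
    awk -F: '$1 != "root" && ($3 == 0 || $4 == 0) {
        print $1 " uid=" $3 " gid=" $4
    }' "$1"
}

# Constructed sample reproducing the state discussed above: the system
# account "man" appears in the member list of group "root".
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/group" <<'EOF'
root:x:0:root,man
bin:x:1:root,bin,daemon
man:x:15:
users:x:100:dale
EOF
cat > "$sample_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
man:x:13:15:System user; man:/dev/null:/sbin/nologin
dale:x:1000:100::/home/dale:/bin/bash
EOF

gid0_members "$sample_dir/group"     # unexpected root-group members
gid0_primary "$sample_dir/passwd"    # non-root accounts with UID/GID 0
```

On a live system, pass /etc/group and /etc/passwd instead of the sample files; comparing the output against a known-good backup of /etc/group shows when the membership changed.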