Re: [gentoo-user] acct-user/man usermod: user 'man' does not exist in /etc/passwd

[Dale <rdalek1967@gmail.com>]

Michael wrote:
> On Thursday, 11 April 2024 12:58:17 BST Dale wrote:
>> Michael wrote:
>>> On Thursday, 11 April 2024 10:22:59 BST Dale wrote:
>>>> I fixed it by commenting out the entry in the passwd file.  It then
>>>> created a new entry.  I guess it was set wrong at some point.  Just
>>>> looks like emerge would be able to update it tho.  Joost showing my
>>>> setting was different gave me the clue that my current entry was wrong.
>>>> I was kinda chicken to comment it out or remove it before then.  ;-)
>>>>
>>>> Dale
>>>>
>>>> :-)  :-)
>>> It begs the question who/what could have changed the root group membership
>>> to include the system account 'man'.  This is highly irregular.  Have you
>>> looked at your backups to find out when /etc/group was changed last time?
>>>  Also emerge.log to find the last time acct-user/man was installed
>>> successfully before this error started occurring.
>> Well, this has been failing for a while.  It's just that with the
>> profile change, I wanted to re-emerge all packages.  I'm sure this one
>> hasn't really changed or anything but still, I wanted a clean start. 
>>
>> My OS backup updates each week.  So, backups is far to up to date to
>> know.  It's what I use to build the binary packages in.  I also
>> sometimes experiment as well when some package is giving me grief.  I
>> mostly just use the -k option on my main OS. 
>>
>> I looked in /usr/share/man, I guess that is where most if not all man
>> pages are, and they all appear to be owned by root and group is root. 
>> Should they be owned by man?  If possible, can you post the owner and
>> group for yours?  I can change mine.  I tested a few man pages, they all
>> post fine but I'm usually root anyway.  Works for user dale to tho. 
>>
>> Thanks.
>>
>> Dale
>>
>> :-)  :-) 
> The /usr/share/man directory and man pages within it are owned by root:root; 
> e.g.
>
> # ls -al /usr/share/man/man8/agetty.8.bz2
> -rw-r--r-- 1 root root 7307 Apr  4 10:46 /usr/share/man/man8/agetty.8.bz2
>
> The problem in your case was the system account 'man' had been added to group 
> 'root'.  This creates a privilege escalation and as such it is suspicious.  
> Had you done this by accident and now you corrected it, then hopefully you do 
> not need to be unduly worried.  Had someone else done this ... then this 
> should be setting off alarm bells.


I don't recall editing this file ever.  From my understanding, commands
are used to manage that file.  I can't say for sure but it's doubtful I
edited that file. 

I can easily do a emerge -ek world if you think it would be wise to do
so.  I guess that would reset ownership of files as it reinstalls. 
Thoughts?

Thanks.

Dale

:-)  :-)