Re: what's that?

To: Kirill Zverev <kirill@cmss.ru>
Cc: debian security <debian-security@lists.debian.org>
Subject: Re: what's that?
From: James Morgan <ventatsu@deadlode.com>
Date: Thu, 04 Apr 2002 23:47:15 -0600
Message-id: <[🔎] 5.1.0.14.0.20020404234551.00a13b80@64.19.35.130>
In-reply-to: <[🔎] 105041569.20020405112139@cmss.ru>

It's a cron job belonging to root that changes its user before it goes to work.

At 11:21 2002-04-05 +0600, Kirill Zverev wrote:

Hi!

I found that in my logs:

Apr  4 06:25:01 cmss su[30315]: + ??? root-nobody
Apr 4 06:25:01 cmss PAM_unix[30315]: (su) session opened for user nobodyby (uid=0)
who could use su at six o'clock in the morning?

--
Regards,
 Kirill Zverev <mailto:kirill@cmss.ru>





--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- what's that?
  - From: Kirill Zverev <kirill@cmss.ru>

Prev by Date: Re: ssh allowing password logins even though its disabled
Next by Date: Re: what's that?
Previous by thread: what's that?
Next by thread: Re: what's that?
Index(es):
- Date
- Thread