  1. #1
    Just Joined!
    Join Date
    Jul 2010
    Posts
    9

    users

    I created one dir, cat. Own - root, grp - dba. Someone hacked my root passwd and changed settings. Now I am getting that the own of cat is 875, grp - 1000. These 875, 1000 do not exist in users and group.
    How can I get to know the problem?

  2. #2
    Linux User cheesecake42's Avatar
    Join Date
    Jan 2007
    Location
    Panama City, FL
    Posts
    364
    If this system is sensitive at all I would highly suggest doing a complete wipe and reinstalling from scratch. If your system has in fact been compromised and somebody gained root access to your box then there is no telling what else they have added/modified on the system.

    Sorry if that's not the answer you were looking for but it's just good practice in my opinion.

  3. #3
    Just Joined!
    Join Date
    Jul 2010
    Location
    Kolkata
    Posts
    3
    Hi,

    Can you just write the following command and see the output?

    cat /etc/passwd | egrep "875|1000"

    By doing this you will come to know who owns that dir now.

    Please tell me if it helps you in some way!!

  4. #4
    Linux Engineer Segfault's Avatar
    Join Date
    Jun 2008
    Location
    Acadiana
    Posts
    855
    Quote Originally Posted by cheesecake42 View Post
    If this system is sensitive at all I would highly suggest doing a complete wipe and reinstalling from scratch. If your system has in fact been compromised and somebody gained root access to your box then there is no telling what else they have added/modified on the system.

    Sorry if that's not the answer you were looking for but it's just good practice in my opinion.
    cheesecake42 is absolutely correct. You may want to disconnect it from the net and investigate how they got in, but leaving it online or trying to "fix it" is out of the question.

  5. #5
    Just Joined!
    Join Date
    Jul 2010
    Posts
    9
    I tried it but again it is still showing the same. But how is that possible? There are no user and group with 875 & 1000.

  6. #6
    Linux User cheesecake42's Avatar
    Join Date
    Jan 2007
    Location
    Panama City, FL
    Posts
    364
    Whoever gained access to your system could have created a user and group with those uid/gid's, changed the permissions of that folder, and then deleted that user and group. If this was the case, then the file could still be stuck with those id's without a user/group associated with them.

  7. #7
    Just Joined!
    Join Date
    Jul 2010
    Posts
    9
    Your suggestion is right, but I tried it: the root user can change the ownership of a directory to any numeric/name which doesn't exist in the users/group list.
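
Added example, not part of any post in this thread: a shell sketch that checks whether a path's numeric owner and group still have an account entry, matching the ID field exactly instead of grepping whole lines (so 875 does not match uid 1875 or a home path). It assumes accounts live in local passwd/group-format files; the function names id_name, check_owner and scan_tree are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# Print the account name whose numeric ID (field 3) equals ID exactly.
# Prints nothing when no entry exists. Works for passwd and group files.
id_name() {  # usage: id_name ID FILE
    awk -F: -v id="$1" '$3 == id { print $1; exit }' "$2"
}

# Report the numeric owner/group of PATH and whether each resolves.
# Assumption: accounts are in local files (defaults /etc/passwd, /etc/group);
# with LDAP/SSSD, resolve through the name service instead.
# Returns 0 if both IDs resolve, 1 if either is orphaned, 2 on error.
check_owner() {  # usage: check_owner PATH [PASSWD_FILE] [GROUP_FILE]
    path=$1; pw=${2:-/etc/passwd}; gr=${3:-/etc/group}
    # ls -n prints numeric IDs even when a name exists.
    ids=$(ls -ldn -- "$path" 2>/dev/null | awk 'NR == 1 { print $3 ":" $4 }')
    [ -n "$ids" ] || return 2
    uid=${ids%%:*}; gid=${ids#*:}
    owner=$(id_name "$uid" "$pw")
    group=$(id_name "$gid" "$gr")
    printf '%s uid=%s(%s) gid=%s(%s)\n' \
        "$path" "$uid" "${owner:-ORPHAN}" "$gid" "${group:-ORPHAN}"
    [ -n "$owner" ] && [ -n "$group" ]
}

# List everything under DIR (same filesystem only) whose owner or group
# has no account entry, using find's own name-service lookup.
scan_tree() {  # usage: scan_tree DIR
    find "$1" -xdev \( -nouser -o -nogroup \) -exec ls -ldn {} +
}

# When run with arguments, check each path given on the command line.
if [ "$#" -gt 0 ]; then
    for p in "$@"; do check_owner "$p"; done
fi
```

An ORPHAN result only says that no entry exists for that number now; as the posts above note, root can set any numeric ID, so it does not by itself show that an account was created and deleted.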
