Results 1 to 4 of 4
I ran chkrootkit to see if my machine is alright, and it reports that I am - I'm not sure if I'm just slow here or what the story is ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 02-21-2007 #1
A bit worried about processes
The following process are running under uid 101. I don't have a user 101 on my system -Code:
101 15384 0.0 0.3 5848 4120 ? Ss Feb20 0:01 /usr/sbin/hald --daemon=yes 101 15426 0.0 0.0 2028 852 ? S Feb20 0:00 hald-addon-acpi: listening on acpid socket /var/run/acpid.socket 101 15435 0.0 0.0 2024 864 ? S Feb20 0:00 hald-addon-keyboard: listening on /dev/input/event1
- 02-21-2007 #2
Is that ps -ef output?
It's pretty strange. What might have occurred is during some upgrade, the user that normally runs hald (haldaemon on my box) was changed to a different UID.
Consider this situation:
1. Under Some-Linux-5.1.1, haldaemon corresponds to UID 101 in /etc/passwd.
2. Following upgrade to Some-Linux-5.1.2, the hal maintainer decides that haldaemon should now correspond to UID 68 in /etc/password.
3. The upgrade itself does not kill hald, thus the process is still running with its old UID.
Rebooting your box or restarting hald should correct the problem. If it doesn't, there may be something else strange going on.
- 02-21-2007 #3
- 02-27-2007 #4
The executable /usr/bin/hald is the hal daemon. It's installed by default on my Mandriva system, and apparently on your system too.
I've found the rpm -qf command invaluable for tracking down things like this.