Michael wrote: > On Thursday, 11 April 2024 12:58:17 BST Dale wrote: >> Michael wrote: >>> On Thursday, 11 April 2024 10:22:59 BST Dale wrote: >>>> I fixed it by commenting out the entry in the passwd file. It then >>>> created a new entry. I guess it was set wrong at some point. Just >>>> looks like emerge would be able to update it tho. Joost showing my >>>> setting was different gave me the clue that my current entry was wrong. >>>> I was kinda chicken to comment it out or remove it before then. ;-) >>>> >>>> Dale >>>> >>>> :-) :-) >>> It begs the question who/what could have changed the root group membership >>> to include the system account 'man'. This is highly irregular. Have you >>> looked at your backups to find out when /etc/group was changed last time? >>> Also emerge.log to find the last time acct-user/man was installed >>> successfully before this error started occurring. >> Well, this has been failing for a while. It's just that with the >> profile change, I wanted to re-emerge all packages. I'm sure this one >> hasn't really changed or anything but still, I wanted a clean start. >> >> My OS backup updates each week. So, backups is far to up to date to >> know. It's what I use to build the binary packages in. I also >> sometimes experiment as well when some package is giving me grief. I >> mostly just use the -k option on my main OS. >> >> I looked in /usr/share/man, I guess that is where most if not all man >> pages are, and they all appear to be owned by root and group is root. >> Should they be owned by man? If possible, can you post the owner and >> group for yours? I can change mine. I tested a few man pages, they all >> post fine but I'm usually root anyway. Works for user dale to tho. >> >> Thanks. >> >> Dale >> >> :-) :-) > The /usr/share/man directory and man pages within it are owned by root:root; > e.g. > > # ls -al /usr/share/man/man8/agetty.8.bz2 > -rw-r--r-- 1 root root 7307 Apr 4 10:46 /usr/share/man/man8/agetty.8.bz2 > > The problem in your case was the system account 'man' had been added to group > 'root'. This creates a privilege escalation and as such it is suspicious. > Had you done this by accident and now you corrected it, then hopefully you do > not need to be unduly worried. Had someone else done this ... then this > should be setting off alarm bells.
I don't recall editing this file ever. From my understanding, commands are used to manage that file. I can't say for sure but it's doubtful I edited that file. I can easily do a emerge -ek world if you think it would be wise to do so. I guess that would reset ownership of files as it reinstalls. Thoughts? Thanks. Dale :-) :-)
