There is NO smoking gun in UNIX without auditing. Period. Frank gave you a way to guess. Guess means just that - take a stab based on circumstantial evidence.
Step 1:
This gives you the exact time of the incident, unless you have already set permissions back to what they are supposed to be.
Assuming this time is really correct try to correlate that with who was logged in at that time. If you are very lucky only one person was logged in. Otherwise you get to guess who did it. How to do this?
Try:
This lists who has logged in and when they logged out. Since the the system was rebooted, in the order of newest to oldest. You can see the timestamp on the file, you can see who was connected to the system at that time. That is the best you can do. Right now. Enable auditing. Then you are covered from now on.
Last edited by jim mcnamara; 01-26-2012 at 11:10 PM..
This User Gave Thanks to jim mcnamara For This Post:
I am unable to backup file on my tape drive
# mt -f /dev/st0 status
SCSI 2 tape drive:
File number=0, block number=0, partition=0.
Tape block size 0 bytes. Density code 0x25 (DDS-3).
Soft error count since last status=0
General status bits on (45010000):
BOT WR_PROT ONLINE IM_REP_EN
#... (6 Replies)
Hello Guruz,
Relay bad condition :mad:
Some has changed the permission to 777 recursively for /usr/bin directory by mistake. Now all the permission looks to be 777 on /usr/bin
Hence I am so many system related errors as 1 show below.
When I am trying to change the password, I am getting... (5 Replies)
I am trying to FTP files from windows to UNIX (IBM AIX). After having sent the files to unix server. Permisssion of the files becomes 640 (rw-r-----). I have to manually login to unix and do chmod 644 on the folder to give it permission. Is it possible that the files automaically be set to 644 on... (2 Replies)
I accidentally changed to sudo chmod a=w to my /usr/bin folder on my macbook with OS 10.5.8... Please help! I can't even get into a terminal correctly cause it displays:
-bash: uname: command not found
-bash: cut: command not found
-bash: uname: command not found
-bash: cut: command not found... (6 Replies)
As I understand the file permissions in UNIX is basically
Owner, group, others
Lets assume scott user who's primary group is dev creates a file called test.dat and then grants some privileges on that file...
scott@unix-host> echo "this is a test" > test.dat
scott@unix-host> chmod 640... (4 Replies)
HI all,
We had created new user using the command useradd -d /home/selva -s /usr/local/bin/bash selva. But it didnt created the home directory on /home. So i manually created, copied skel files manually and changed the owner from root to selva. At the same time i observed that so many files... (6 Replies)
Friends,
I've tried to modify the syslogs permission by using the perm option in the syslog configuration in AIX 6.1 TL 05. But its not getting applied after the configuration. Have restarted the syslog service also.
Need your help!:wall:
The below are the conf details and os versions
>... (1 Reply)
Hi All,
I have to work in the late nights some times for server maintenance and in a hurry to complete I am accidentally changing ownership or permission of directories :(
which have similar names ( /var in root and var of some other directory ).:confused:
Can some one suggest me with the... (1 Reply)
Hello everybody,
I have many mount points on my virtual Redhat server, two of them lost their (write) permission, so they became read-only filesystems.
I fixed this problem.
But I want to know why it happened? What is the reason behind that to avoid it again? Where can I find related logs?... (2 Replies)
Discussion started by: Mohannad
2 Replies
LEARN ABOUT OSX
acl_get_perm_np
ACL_GET_PERM_NP(3) BSD Library Functions Manual ACL_GET_PERM_NP(3)NAME
acl_get_perm_np -- check if a permission is set in a permission set
LIBRARY
Standard C Library (libc, -lc)
SYNOPSIS
#include <sys/types.h>
#include <sys/acl.h>
int
acl_get_perm_np(acl_permset_t permset_d, acl_perm_t perm);
DESCRIPTION
The acl_get_perm_np() function is a non-portable function that checks if a permission is set in a permission set.
RETURN VALUES
If the permission in perm is set in the permission set permset_d, a value of 1 is returned, otherwise a value of 0 is returned.
ERRORS
If any of the following conditions occur, the acl_get_perm_np() function will return a value of -1 and set global variable errno to the cor-
responding value:
[EINVAL] Argument perm does not contain a valid ACL permission or argument permset_d is not a valid ACL permset.
SEE ALSO acl(3), acl_add_perm(3), acl_clear_perms(3), acl_delete_perm(3), acl_get_permset(3), acl_set_permset(3), posix1e(3)STANDARDS
POSIX.1e is described in IEEE POSIX.1e draft 17.
AUTHORS
Michael Smith
Chris D. Faulhaber
BSD April 10, 2001 BSD