There is NO smoking gun in UNIX without auditing. Period. Frank gave you a way to guess. Guess means just that - take a stab based on circumstantial evidence.
Step 1:
Code:
ls -lc file_in_question
This gives you the exact time of the incident, unless you have already set permissions back to what they are supposed to be.
Assuming this time is really correct try to correlate that with who was logged in at that time. If you are very lucky only one person was logged in. Otherwise you get to guess who did it. How to do this?
Try:
Code:
last | more
This lists who has logged in and when they logged out. Since the the system was rebooted, in the order of newest to oldest. You can see the timestamp on the file, you can see who was connected to the system at that time. That is the best you can do. Right now. Enable auditing. Then you are covered from now on.
Last edited by jim mcnamara; 01-26-2012 at 11:10 PM..
This User Gave Thanks to jim mcnamara For This Post:
I am unable to backup file on my tape drive
# mt -f /dev/st0 status
SCSI 2 tape drive:
File number=0, block number=0, partition=0.
Tape block size 0 bytes. Density code 0x25 (DDS-3).
Soft error count since last status=0
General status bits on (45010000):
BOT WR_PROT ONLINE IM_REP_EN
#... (6 Replies)
Hello Guruz,
Relay bad condition :mad:
Some has changed the permission to 777 recursively for /usr/bin directory by mistake. Now all the permission looks to be 777 on /usr/bin
Hence I am so many system related errors as 1 show below.
When I am trying to change the password, I am getting... (5 Replies)
I am trying to FTP files from windows to UNIX (IBM AIX). After having sent the files to unix server. Permisssion of the files becomes 640 (rw-r-----). I have to manually login to unix and do chmod 644 on the folder to give it permission. Is it possible that the files automaically be set to 644 on... (2 Replies)
I accidentally changed to sudo chmod a=w to my /usr/bin folder on my macbook with OS 10.5.8... Please help! I can't even get into a terminal correctly cause it displays:
-bash: uname: command not found
-bash: cut: command not found
-bash: uname: command not found
-bash: cut: command not found... (6 Replies)
As I understand the file permissions in UNIX is basically
Owner, group, others
Lets assume scott user who's primary group is dev creates a file called test.dat and then grants some privileges on that file...
scott@unix-host> echo "this is a test" > test.dat
scott@unix-host> chmod 640... (4 Replies)
HI all,
We had created new user using the command useradd -d /home/selva -s /usr/local/bin/bash selva. But it didnt created the home directory on /home. So i manually created, copied skel files manually and changed the owner from root to selva. At the same time i observed that so many files... (6 Replies)
Friends,
I've tried to modify the syslogs permission by using the perm option in the syslog configuration in AIX 6.1 TL 05. But its not getting applied after the configuration. Have restarted the syslog service also.
Need your help!:wall:
The below are the conf details and os versions
>... (1 Reply)
Hi All,
I have to work in the late nights some times for server maintenance and in a hurry to complete I am accidentally changing ownership or permission of directories :(
which have similar names ( /var in root and var of some other directory ).:confused:
Can some one suggest me with the... (1 Reply)
Hello everybody,
I have many mount points on my virtual Redhat server, two of them lost their (write) permission, so they became read-only filesystems.
I fixed this problem.
But I want to know why it happened? What is the reason behind that to avoid it again? Where can I find related logs?... (2 Replies)
Discussion started by: Mohannad
2 Replies
LEARN ABOUT BSD
chmod
CHMOD(1) General Commands Manual CHMOD(1)NAME
chmod - change mode
SYNOPSIS
chmod [ -Rf ] mode file ...
DESCRIPTION
The mode of each named file is changed according to mode, which may be absolute or symbolic. An absolute mode is an octal number con-
structed from the OR of the following modes:
4000 set user ID on execution
2000 set group ID on execution
1000 sticky bit, see chmod(2)
0400 read by owner
0200 write by owner
0100 execute (search in directory) by owner
0070 read, write, execute (search) by group
0007 read, write, execute (search) by others
A symbolic mode has the form:
[who] op permission [op permission] ...
The who part is a combination of the letters u (for user's permissions), g (group) and o (other). The letter a stands for all, or ugo. If
who is omitted, the default is a but the setting of the file creation mask (see umask(2)) is taken into account.
Op can be + to add permission to the file's mode, - to take away permission and = to assign permission absolutely (all other bits will be
reset).
Permission is any combination of the letters r (read), w (write), x (execute), X (set execute only if file is a directory or some other
execute bit is set), s (set owner or group id) and t (save text - sticky). Letters u, g, or o indicate that permission is to be taken from
the current mode. Omitting permission is only useful with = to take away all permissions.
When the -R option is given, chmod recursively descends its directory arguments setting the mode for each file as described above. When
symbolic links are encountered, their mode is not changed and they are not traversed.
If the -f option is given, chmod will not complain if it fails to change the mode on a file.
EXAMPLES
The first example denies write permission to others, the second makes a file executable by all if it is executable by anyone:
chmod o-w file
chmod +X file
Multiple symbolic modes separated by commas may be given. Operations are performed in the order specified. The letter s is only useful
with u or g.
Only the owner of a file (or the super-user) may change its mode.
SEE ALSO ls(1), chmod(2), stat(2), umask(2), chown(8)7th Edition May 22, 1986 CHMOD(1)