PAUSE
PAGETURNER
ENCORE5
ENCORE
BOX
ILLUSTRATION
GO
Let us assume that there is a user on
the system with the login name boyk.
Initially his entry in the /etc/passwd
file was, as shown above:
root:sfshnNwQSjnpE:0:0::/:/bin/sh
cron:X:1:2::/:
admin::2:0::/:/bin/adminsh
bin:X:3:3::/:
uucp::4:4::/usr/spool/uucp:/usr/lib/uucp/uucico
network:X:7:7::/usr/spool/micnet:
yori:nRfPQoxTi52WI:101:100::/usr/yori:/bin/sh
boyk:skJUFKEUTH4e:103:100:Copy Boyk:/usr/boyk:/bin/sh
michael:WCSLzdMC9uvsE:102:100::/usr/miked:/bin/csh
guest::150:200::/usr/demo:/bin/rsh
His HOME directory on the system directory
tree was as shown above:
/
|
------------------------
/ / | \ \
/ / | \ \
bin etc usr
|
---------------------------
/ / | \ \
/ / | \ \
yori boyk local cti
|
-----------------
/ | \
/ | \
bin lib cti
lib
tmp
proj1
And his entry, in the /etc/group file
was as shown above!
root:X:0:root,admin,oper
other:X:1:
cron:X:2:cron
bin:X:3:bin,who,michael,dxu,dxu2
uucp::4:uucp
user:X:100:yori,boyk,dave
demo::200:guest,vdemo,cdemo
But it was soon determined that boyk was
copying and selling other users' software
and instantly boyk was removed from the system!
This resulted in the /etc/passwd file as shown above!
root:sfshnNwQSjnpE:0:0::/:/bin/sh
cron:X:1:2::/:
admin::2:0::/:/bin/adminsh
bin:X:3:3::/:
uucp::4:4::/usr/spool/uucp:/usr/lib/uucp/uucico
network:X:7:7::/usr/spool/micnet:
yori:nRfPQoxTi52WI:101:100::/usr/yori:/bin/sh
michael:WCSLzdMC9uvsE:102:100::/usr/miked:/bin/csh
guest::150:200::/usr/demo:/bin/rsh
His HOME directory from the file system tree
was removed, resulting in:
/
|
------------------------
/ / | \ \
/ / | \ \
bin etc usr
|
---------------------------
/ | \ \
/ | \ \
yori local cti
|
-----------------
/ | \
/ | \
bin lib cti
lib
tmp
proj1
And his name was deleted from the
the /etc/group file, i.e.
root:X:0:root,admin,oper
other:X:1:
cron:X:2:cron
bin:X:3:bin,who,michael,dxu,dxu2
uucp::4:uucp
user:X:100:yori,dave
demo::200:guest,vdemo,cdemo