Some applications (daemos) need root's uid to work (crond, atd, etc)
radix
-----Original Message-----
From: Mulligan, Michael (DIS) <[EMAIL PROTECTED]>
To: Linuxconf Mailing List <[EMAIL PROTECTED]>
Date: Monday, November 09, 1998 6:00 PM
Subject: [linuxconf] is this a system compromise to our server (Starlite)?
>Would someone please tell me what these log entries mean? We have been
>notified of some dubious activities being performed on other servers via
>ours, but this is all we can find in our logs that seems odd.
>
>It is the (su) that concerns us.
>
>Nov 9 01:02:01 starlite PAM_pwdb[32495]: (su) session opened for user
>nobody by (uid=99)
>Nov 9 01:02:24 starlite PAM_pwdb[32495]: (su) session closed for user
>nobody
>
>thanks
>Michael
>
>---
>You are currently subscribed to linuxconf as: [EMAIL PROTECTED]
>To unsubscribe, forward this message to [EMAIL PROTECTED]
>
---
You are currently subscribed to linuxconf as: [[email protected]]
To unsubscribe, forward this message to [EMAIL PROTECTED]
