how about whoami? It will make it very clear what the line does. $ whoami mstearn $ sudo whoami Password: root
On 10/12/05, Rob <[EMAIL PROTECTED]> wrote: > On Wed, Oct 12, 2005 at 10:41:48AM -0400, Joe Barrett wrote: > > While Rob is completely right, you may also want to check if `id -g` == > > 0 as well. I'm not sure what purpose you're using the script for, but > > sometimes an intruder may add themselves to the root group instead of > > just giving themself the root account, to escape detection. And if no > > other reason, you never know when someone's odd setup may involve a > > non-root user in the root group. > > [this conv is moving OT; sorry ;-)] > > You've lost me Joe. > > Group root doesn't have much privileges: it can't open arbitary files, > bind low ports, etc... Why would an attacker add himself to group root > instead of a uid=0 account? The only thing about group root is there > might be programs that only people in group root can run and be setuid > (i.e., perm 4750 or similar), and a quick check on my system (Fedora 3), > such a thing doesn't exist. > > - Rob > . >
