Started by emond, March 02, 2007, 05:15:15 pm
QuoteThe 'whoami' program uses the current uid (or is it euid; I can't remember) and tries to lookup its matching username in the password file ( via getpwuid(uid) or something similar ). When the call fails i.e. when there is no entry with that uid, its does not know what the username is and so puts 'Intruder alert' instead. As for 'who am i' that just looks at the file /etc/utmp which is filled in by the 'login' program. Having given you the background info you can deduce the rest... Oh... alright ... Whats happened is the password file is ok when the user is logging in, but between that time and the 'whoami', the password file entry for that user gets corrupted or removed. by a another root user say. To find out which entry or if it has been removed do this :- csh> whoami Intruder alert. csh> rm -f junk csh> touch junk csh> ls -l junk -rw-r----- 1 1234 sys 0 Nov 16 11:09 junk csh> grep 1234 /etc/passwd > PS - Could it be because some user have the same password? No. Hope it helps. PS. One last point, amend text as appropriate if you are using NIS passwd server. -- Terry Yip. BNR Europe Ltd, London, England. T...@bnr.co.uk The opinions expressed here are not mine, even if I said they were. The opinions expressed here are not BNRs, even if I said they were. The opinions expressed here are not anybodies, even if I said they were.
QuoteLuis Cabrera Jan 31 2000, 3:00 amDAH! I just had a black out and my Turbo color slab is now sick it give me the following error while it boots: ghostface syslogd: going down on signal 15 autonfsmount: exiting erase ^? intr ^C kill^U # If I type whoami it give me back "Intruder Alert" If I type shutdown NOW it says " that must be tomorrow Can't you wait untill then?" I used fsck on it and I rebooted in single user mode and fscked it there as well but to no avail. I'd appreciate it if anyone could help me out here
QuoteBill Seng Feb 2 2000, 3:00 amIf I recall correctly this indicates a problem accessing root's home directory and/or .cshrc (and other root user files?), which is why you get the "Intruder Alert" message. Try booting into single user mode (type bsd -s at the NeXT> boot prompt) and see if you can get into the root directory and/or root's .cshrc. I wish I could give you more than that. It happened to me a while ago when I was adding/removing disks on my system, which rendered certain files for the root user unavailable. Unfortunately, I don't know which ones....Of course, adding the disks in the right order and making root's user files accessible fixed it nicely. - Bill Seng