HP Sentry User Manual
Page 50
Section 2 - 20
SENTRY User’s Guide
Fitzgerald & Long
In UNIX every file has an owner and a group. The references to owners and groups are the UID and the
GID for each. The actual names are NOT stored, only the number. The numbers are translated by various
UNIX utilities through a “lookup” process in the passwd and group files. If a group is deleted which is the
group for files, the GID will continue to be the file group. Because this relationship between group, GIDs
and file group is only a logical link, it is common to find files with GIDs which don’t exist on the system.
This can be a serious security problem should the System Administrator delete a group (where the group is
associated with files) and later reassign a new group name and new users to an old number. It is possible
the users in the new group would then have access to files they should not be allowed to use. SENTRY
will notify the System Administrator of this issue when a group is deleted.
When a group is deleted which is the group for files and the GID is unique, SENTRY will advise the
Administrator and offer a menu of four choices. Here is an example of this screen.
GROUP.MAINT Group Maintenance 08/14/00
***** FILE GROUP CONFLICT *****
The group you are about to delete owns 1 file on the system.
If you delete the group without changing the ownership of the
files, there will be no registered group for these files on
your system. You have several choices:
A) View the list of files in question.
B) Continue to delete the group / leave files as they are.
C) Change ownership of these files to another group.
D) Do not delete this group.
Please enter your choice of methods to resolve this conflict.
Figure 22 - This is a sample of the FILE GROUP CONFLICT screen. The user is offered four choices.
Enter the letter to the left of your choice to execute.
The four choices provided through this screen are described in the following paragraphs.
A) View the list of files in question. This list of files will be displayed in a scrolling window. Note
that the number of files owned by the group will be displayed in the “FILE GROUP CONFLICT” screen
(Figure 22). Enter “A” to view this list.
In the following screen note that SENTRY displays a list of all files owned by this group. This is a
scrolling window if there are more files than can be displayed on one screen. User “F” or “B” to scroll
forward or backward. Enter <ESC> to leave this screen.