# Unknown Usernames on my system

## Utoxin

I just glanced at /etc/passwd and there are two unfamiliar usernames in there that are in the 1000's, where 'normal' users are supposed to go.

 *Quote:*   

> meekrob:x:1000:100::/home/meekrob:/bin/bash
> 
> apache:x:1001:407:apache:/home/httpd:/bin/false
> 
> verwilst:x:1002:100::/home/verwilst:
> ...

 

I'm familiar with the apache user, but are meekrob and verwilst created by some process that I don't know about? Or should I worry about a possible security breach?

----------

## delta407

Look at their home directories and see what you can see. Google says nothing common about either, so this doesn't look good. Ye may have been r00ted.

----------

## Utoxin

I just had a thought... I used the new 1.3a tarball, so I'm going to check that and see if they're included in that.

----------

## Utoxin

Just checked. That's where they're from. So no worries.

----------

## delta407

What's particularly bothersome is that meekrob actually has a shell -- daemon users don't. Also note the group IDs, they're each 100 (users), which daemons don't have either.

----------
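
The check delta407 describes above (an account in the regular-user UID range with a usable login shell), written as a shell function; this is an added example, not part of the original thread. The names `audit_passwd` and `sample_passwd` and the allowlist arguments are assumptions, and the sample input reuses the three entries quoted in the first post plus one constructed root line.

```shell
#!/bin/sh
# Added example (not from the thread): list passwd entries at or above a
# minimum UID that are not on an operator-supplied allowlist, and mark
# whether their shell field permits an interactive login.

# Sample input: three entries quoted in the thread plus a constructed root line.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
meekrob:x:1000:100::/home/meekrob:/bin/bash
apache:x:1001:407:apache:/home/httpd:/bin/false
verwilst:x:1002:100::/home/verwilst:
EOF
}

# Usage: audit_passwd MIN_UID [ALLOWED_NAME...] < passwd-format-file
audit_passwd() {
    min_uid=$1
    shift
    awk -F: -v min="$min_uid" -v allow=" $* " '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
        NF != 7 { printf "MALFORMED line=%d\n", NR; next }
        $3 + 0 < min { next }                      # system/daemon UID range
        index(allow, " " $1 " ") { next }          # account the operator expects
        {
            # passwd(5): an empty shell field defaults to /bin/sh,
            # so it still counts as a login shell.
            shell = ($7 == "") ? "/bin/sh(empty-field)" : $7
            login = ($7 !~ /\/(false|nologin)$/)
            printf "%s uid=%s gid=%s shell=%s %s\n", $1, $3, $4, shell,
                   (login ? "LOGIN-CAPABLE" : "no-login")
        }'
}

# Demo on the sample: apache is the account the administrator recognises.
sample_passwd | audit_passwd 1000 apache
```

On a live system the same function reads the real file: `audit_passwd 1000 apache < /etc/passwd`. It inspects the shell field only; whether a flagged account has a usable password is recorded in /etc/shadow, which this does not read.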

## delta407

 *Utoxin wrote:*   

> So no worries.

 

Run passwd on each anyway. Seems like a slip-up in 1.3a packaging, to me, but it could allow someone access to your machine (and many others).

----------

## Utoxin

Way ahead of you.  :Wink: 

----------

## delta407

 *Quote:*   

> Way ahead of you.

 

Good. Are you going to report this to bugs.gentoo.org or should I?  :Smile: 

----------

## klieber

 *delta407 wrote:*   

> What's particularly bothersome is that meekrob actually has a shell

 

meekrob and verwilst are both developers on the Gentoo project -- what you're seeing is likely an oversight.  Before people start screaming about conspiracies and backdoors, this is likely an honest mistake that someone made -- forgetting to remove a user account before something made it into production.  (of course, I think 1.3a is still in development...)

Regardless, you should probably file a bug on this on bugs.gentoo.org.  (after ensuring that no one else has already filed a similar bug.  :Smile: )  

--kurt

----------

## Utoxin

I'll go ahead and file it.

----------

## delta407

 *klieber wrote:*   

>  *delta407 wrote:*   What's particularly bothersome is that meekrob actually has a shell 
> 
> meekrob and verwilst are both developers on the Gentoo project -- what you're seeing is likely an oversight.  Before people start screaming about conspiracies and backdoors, this is likely an honest mistake that someone made -- forgetting to remove a user account before something made it into production.

 

Yes, but delta407 also said:

 *delta407 wrote:*   

> Seems like a slip-up in 1.3a packaging, to me, but it could allow someone access to your machine (and many others).

 

 *klieber wrote:*   

> 
> 
> Regardless, you should probably file a bug on this on bugs.gentoo.org.  (after ensuring that no one else has already filed a similar bug. )

 

Me, Utoxin, or someone else?

----------

## klieber

 *delta407 wrote:*   

> Yes, but delta407 also said:
> 
>  *delta407 wrote:*   Seems like a slip-up in 1.3a packaging, to me, but it could allow someone access to your machine (and many others). 

 

I never said it wasn't a problem.  I agree that it is bad.  I merely stated it probably wasn't intentional.

 *klieber wrote:*   

> Me, Utoxin, or someone else?

 

Someone who's willing to take up the cause.

--kurt

----------

## delta407

 *klieber wrote:*   

> I merely stated it probably wasn't intentional.

 

And I agreed with you  :Smile: 

 *klieber wrote:*   

> Someone who's willing to take up the cause.

 

Bugzilla has been notified.

----------

## klieber

 *delta407 wrote:*   

> And I agreed with you 

 

Ah -- I understand now.  Sorry -- I didn't mean you when I talked about conspiracies.  I was just speaking in a general sense.  Often times, hysteria can overwhelm common sense when these kinds of bugs are discovered.  :Smile: 

Anyway, thanks for filing the bug -- please let us know if you get a response.  I'd be curious to know the resolution of this issue.

--kurt

----------

## Utoxin

Since the bug report has been filed, I went ahead and just used userdel to remove the users from the system entirely.

----------

## Chemtux

For 1.3a you have to send a bug report by email to Bart Verwilst directly.

----------

