Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

User Profile Question

Status
Not open for further replies.

JustMeme

Technical User
Sep 26, 2019
2
US
Let me qualify this by saying I know ZERO about UNIX and it will probably show in this question....

I have a Synology DS2415+ that was giving me an error to the effect that the volume is read only when I tried to create a folder on it. I’ve been using this thing with no troubles for a year and suddenly today I can’t create folders on the volume. It has about 16TB free of 40 that are on the volume so it’s not close to being full. In mucking around trying to find the issue, I right clicked on the volume and selected the Properties and Security tab. In the Security tab, there is a UNIX User 208 (May be 280 but it’s been a long day and I can’t recall) profile that had full access rights. I didn’t create this and Synology says they have no idea why it would be there. I checked some other networked volumes that aren’t on the NAS that our IT department controls and none of them have this profile in the security settings. To be safe, I cut access for that profile. Now I can save files and folders like I used to be able to. I checked Disk Station Management on the NAS and that profile doesn’t show up in the users or groups sections so I’m reasonable certain that nobody has accessed the NAS. I use very strong passwords and enabled 2FA today as an extra precaution. Is this UNIX User profile anything to be concerned about? Sorry for the long post, wanted to get all the information out that may be helpful. Be gentle, I have no idea what to do if anything.
 
I would be very concerned about this.
I have a Synology as well, and there is no such user profile on it. Have had it for a couple of years now, has about the same total storage as yours (6 x 10TB drives in RAID 5).
You should consider the possibility that you have been hacked, no matter how good you think your security is. In this case in particular, I would be weary of an inside attack.



Best Regards,
Scott
MSc ISM, MIET, MASHRAE, CDCP, CDCS, CDCE, CTDC, CTIA, ATS

"I try to be nice, but sometimes my mouth doesn't cooperate.
 
If it shows a number instead of a name it means that the user is no longer in the /etc/passwd file or it's user# has been changed. The user# is the third field in the passwd row (separated by ":") The root user can reassign the full access to a different use by using the chown command. Only your unix administrator can do the maintenance

Bill
Lead Application Developer
New York State, USA
 
So if at some time I had allowed a Synology rep to access my system to look at some settings would that have been a username generated by him?
 
Yes it could be. The problem is that the user, group, and all other users are given permissions on every folder and file. The permission display are in the form

-rwxr----- 1 oracle DBA 60 Jun 19 2014 check_log.20237

The first hyphen is a "-" or a "d". D implies it's a directory
The next 3 are the permission given to the owner of the file/directory.
The next 3 are the permissions given to all members that belong to the group (DBA)
The last 3 are the rights given to everyone else on the server.

The 3 rights are rwx, r- read, w- write, x- execute

In the above example the oracle user has the right to read,write, and execute the file
Any member of the DBA group can only read the file
NO one who is not a member of the DBA group or is logged onto the server as oracle can read, write, or execute the file





Bill
Lead Application Developer
New York State, USA
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top