Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!zaphod.mps.ohio-state.edu!sdd.hp.com!hplabs!hpfcso!hpfcdc!rodean
From: rodean@hpfcdc.HP.COM (Bruce Rodean)
Newsgroups: comp.sys.hp
Subject: Re: Whats going on here then ?
Message-ID: <5570661@hpfcdc.HP.COM>
Date: 13 Jun 91 19:16:54 GMT
References: <1356@prlhp1.prl.philips.co.uk>
Organization: Hewlett-Packard Co., Ft. Collins, CO.
Lines: 22

In article <1356@prlhp1.prl.philips.co.uk> pearmana@prlhp1.prl.philips.co.uk (Andy Pearman) writes:
> A couple of weeks ago I upgraded my HP9000-350 to HP-UX6.5
> 
> Today I noticed a couple of odd processes (see below) running owned by 
> root, apparently going through the filesystem and doing something with 
> acl's for uids 248 and 251.  These uids in fact belonged to two users 
> that I deleted earlier today.
> 
> I notice that the processes appear to have been started by init, though
> I find no references in inittab.
> 
> Is this something new, and if so what's going on ?

You probably used SAM to remove those users, right?  It looks to me like
the finds are traversing through the filesystem looking for files that
have optional ACL entries for those users.  Those file names are being
piped into xargs commands such that chacl is called to delete any ACL
entries for those users.  If you never converted your system into a
trusted system, these commands would not do anything.

Bruce Rodean
rodean@hpfclg.fc.hp.com