[sllug-members]: Finding what process modifies files?

Marc Christensen marc at sllug.org
Tue Jan 9 09:21:01 MST 2007


Mike Bourgeous wrote:
> Group and permissions are probably being changed by a security daemon 
> running, either through init or cron.  Check for one or more of those.  
> There are "nasty" little daemons out there that will chmod and chown 
> everything in /usr/bin and other folders to what they feel is most 
> secure, which is good for some cases, and bad for yours.
> 
> Mike Bourgeous

Hey, thanks for the great input from both Mike and Mitch.  I'll have to 
take a closer look at audit.  I'm familiar with security settings that 
can change permissions and ownership on some distros as well.

It turns out that what is happening here is kind of strange.  I rely on 
a system group which should always be available in /etc/group.  However, 
during the upgrade where my RPM is getting installed, another RPM which 
thinks it owns that group is removing it from /etc/group.  The problem 
is that the group is actually missing for a long period of time during 
which other RPMs which need that group are being installed.  What then 
happens is that RPM assigns the group and/or user 'root' to any file 
that needs a group or user that doesn't exist on the system.

So, in my case, my group permissions are getting set to 'root' rather 
than the group which I need to function correctly.  Hopefully it will be 
an easy task to identify and get the installation of the other RPM fixed.

--
Marc C.
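
The effect described in this message (files ending up owned by group 'root' because the packaged group was missing at install time) can be checked after the fact from rpm's verify output. The following is an added example, not part of the original message; the sample lines and paths are constructed.

```shell
#!/bin/sh
# Added example, not from the original thread.
# `rpm -V` prints one line per file that differs from the package database.
# The leading flag string is positional (SM5DLUGT, plus P on newer rpm):
# column 6 is U (owner differs), column 7 is G (group differs).

# Constructed sample in `rpm -Va` output format; paths are hypothetical.
sample_verify_output() {
    cat <<'EOF'
......G..    /opt/myapp/bin/myapp
S.5....T.  c /etc/myapp/myapp.conf
.....UG..    /var/lib/myapp/state dir/cache.db
missing     /usr/share/doc/myapp/README
.M.......    /usr/bin/othertool
EOF
}

# Read verify lines on stdin; print "<user|group|user+group><TAB><path>"
# for every file whose owner or group no longer matches its package.
ownership_drift() {
    awk '
        $1 == "missing"  { next }   # file is gone: nothing to compare
        length($1) < 8   { next }   # not a flag string
        {
            u = (substr($1, 6, 1) == "U")
            g = (substr($1, 7, 1) == "G")
            if (!u && !g) next
            what = (u && g) ? "user+group" : (u ? "user" : "group")
            # Take the path from the first "/" so names with spaces survive.
            printf "%s\t%s\n", what, substr($0, index($0, "/"))
        }'
}

sample_verify_output | ownership_drift
```

On a live system, pipe `rpm -Va` into `ownership_drift` instead of the sample; `rpm -qf <path>` then names the package that owns each reported file.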

