Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [root@sapper-lx-test01 ~]# strace useradd -G operator -m -s /bin/sh -u 2020 operator1
- execve("/usr/sbin/useradd", ["useradd", "-G", "operator", "-m", "-s", "/bin/sh", "-u", "2020", "operator1"], [/* 22 vars */]) = 0
- brk(0) = 0x1000
- uname({sys="Linux", node="lume-lx-test01", ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fffff060000
- access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
- open("/etc/ld.so.cache", O_RDONLY) = 3
- fstat(3, {st_mode=S_IFREG|0644, st_size=14295, ...}) = 0
- mmap(NULL, 14295, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fffff050000
- close(3) = 0
- open("/lib64/libaudit.so.1", O_RDONLY) = 3
- read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20(\0\0\0\0\0\0"..., 832) = 832
- fstat(3, {st_mode=S_IFREG|0755, st_size=141768, ...}) = 0
- mmap(NULL, 2236976, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7ffffea00000
- mprotect(0x7ffffea17000, 2097152, PROT_NONE) = 0
- mmap(0x7ffffec17000, 49152, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7ffffec17000
- close(3) = 0
- open("/lib64/libselinux.so.1", O_RDONLY) = 3
- read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320X\0\0\0\0\0\0"..., 832) = 832
- fstat(3, {st_mode=S_IFREG|0755, st_size=122040, ...}) = 0
- mmap(NULL, 2221912, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7ffffe600000
- mprotect(0x7ffffe61d000, 2093056, PROT_NONE) = 0
- mmap(0x7ffffe81c000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c000) = 0x7ffffe81c000
- mmap(0x7ffffe81e000, 1880, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7ffffe81e000
- close(3) = 0
- open("/lib64/libacl.so.1", O_RDONLY) = 3
- read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\36\0\0\0\0\0\0"..., 832) = 832
- fstat(3, {st_mode=S_IFREG|0755, st_size=31280, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fffff040000
- mmap(NULL, 2126416, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7ffffe200000
- mprotect(0x7ffffe207000, 2093056, PROT_NONE) = 0
- mmap(0x7ffffe406000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7ffffe406000
- close(3) = 0
- open("/lib64/libc.so.6", O_RDONLY) = 3
- read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0p\356\1\0\0\0\0\0"..., 832) = 832
- fstat(3, {st_mode=S_IFREG|0755, st_size=1921176, ...}) = 0
- mmap(NULL, 3750152, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7ffffde00000
- mprotect(0x7ffffdf8a000, 2097152, PROT_NONE) = 0
- mmap(0x7ffffe18a000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18a000) = 0x7ffffe18a000
- mmap(0x7ffffe18f000, 18696, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7ffffe18f000
- close(3) = 0
- open("/lib64/libdl.so.2", O_RDONLY) = 3
- read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\r\0\0\0\0\0\0"..., 832) = 832
- fstat(3, {st_mode=S_IFREG|0755, st_size=19536, ...}) = 0
- mmap(NULL, 2109696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7ffffda00000
- mprotect(0x7ffffda02000, 2097152, PROT_NONE) = 0
- mmap(0x7ffffdc02000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7ffffdc02000
- close(3) = 0
- open("/lib64/libattr.so.1", O_RDONLY) = 3
- read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\23\0\0\0\0\0\0"..., 832) = 832
- fstat(3, {st_mode=S_IFREG|0755, st_size=18712, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fffff010000
- mmap(NULL, 2113888, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7ffffd600000
- mprotect(0x7ffffd604000, 2093056, PROT_NONE) = 0
- mmap(0x7ffffd803000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7ffffd803000
- close(3) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fffff000000
- mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffffeff0000
- arch_prctl(ARCH_SET_FS, 0x7ffffeff07a0) = 0
- mprotect(0x7ffffd803000, 4096, PROT_READ) = 0
- mprotect(0x7ffffdc02000, 4096, PROT_READ) = 0
- mprotect(0x7ffffe18a000, 16384, PROT_READ) = 0
- mprotect(0x7ffffe406000, 4096, PROT_READ) = 0
- mprotect(0x7ffffe81c000, 4096, PROT_READ) = 0
- mprotect(0x7ffffec17000, 4096, PROT_READ) = 0
- mprotect(0x7fffff416000, 4096, PROT_READ) = 0
- mprotect(0x7fffff01f000, 4096, PROT_READ) = 0
- munmap(0x7fffff050000, 14295) = 0
- statfs("/selinux", {f_type="EXT2_SUPER_MAGIC", f_bsize=512, f_blocks=252958613, f_bfree=251133226, f_bavail=251133226, f_files=251160149, f_ffree=251133226, f_fsid={23658520, 0}, f_namelen=255, f_frsize=512}) = 0
- brk(0) = 0x1000
- brk(0x22000) = 0x22000
- open("/proc/filesystems", O_RDONLY) = 3
- fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffffefe0000
- read(3, "nodev\tautofs\nnodev\tcgroup\nnodev\t"..., 512) = 71
- read(3, "", 512) = 0
- close(3) = 0
- munmap(0x7ffffefe0000, 4096) = 0
- socket(PF_NETLINK, SOCK_RAW, 9) = 3
- fcntl(3, F_SETFD, FD_CLOEXEC) = 0
- open("/usr/lib/locale/locale-archive", O_RDONLY) = 4
- fstat(4, {st_mode=S_IFREG|0644, st_size=99158576, ...}) = 0
- mmap(NULL, 99158576, PROT_READ, MAP_PRIVATE, 4, 0) = 0x7ffff7600000
- close(4) = 0
- open("/proc/sys/kernel/ngroups_max", O_RDONLY) = 4
- read(4, "16\n", 31) = 3
- close(4) = 0
- access("/etc/shadow", F_OK) = 0
- access("/etc/gshadow", F_OK) = 0
- open("/etc/default/useradd", O_RDONLY) = 4
- fstat(4, {st_mode=S_IFREG|0600, st_size=119, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffffefe0000
- read(4, "# useradd defaults file\nGROUP=10"..., 512) = 119
- socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 5
- connect(5, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
- close(5) = 0
- socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 5
- connect(5, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
- close(5) = 0
- open("/etc/nsswitch.conf", O_RDONLY) = 5
- fstat(5, {st_mode=S_IFREG|0644, st_size=1688, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffffefd0000
- read(5, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 2048) = 1688
- read(5, "", 2048) = 0
- close(5) = 0
- munmap(0x7ffffefd0000, 4096) = 0
- open("/etc/ld.so.cache", O_RDONLY) = 5
- fstat(5, {st_mode=S_IFREG|0644, st_size=14295, ...}) = 0
- mmap(NULL, 14295, PROT_READ, MAP_PRIVATE, 5, 0) = 0x7ffffefd0000
- close(5) = 0
- open("/lib64/libnss_files.so.2", O_RDONLY) = 5
- read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360!\0\0\0\0\0\0"..., 832) = 832
- fstat(5, {st_mode=S_IFREG|0755, st_size=65928, ...}) = 0
- mmap(NULL, 2151824, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7ffff7200000
- mprotect(0x7ffff720c000, 2097152, PROT_NONE) = 0
- mmap(0x7ffff740c000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0xc000) = 0x7ffff740c000
- close(5) = 0
- mprotect(0x7ffff740c000, 4096, PROT_READ) = 0
- munmap(0x7ffffefd0000, 14295) = 0
- open("/etc/group", O_RDONLY|O_CLOEXEC) = 5
- fcntl(5, F_GETFD) = 0x1 (flags FD_CLOEXEC)
- fstat(5, {st_mode=S_IFREG|0644, st_size=566, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffffefd0000
- read(5, "root:x:0:\nbin:x:1:bin,daemon\ndae"..., 1024) = 566
- close(5) = 0
- munmap(0x7ffffefd0000, 4096) = 0
- read(4, "", 512) = 0
- close(4) = 0
- munmap(0x7ffffefe0000, 4096) = 0
- open("/etc/group", O_RDONLY|O_CLOEXEC) = 4
- fstat(4, {st_mode=S_IFREG|0644, st_size=566, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffffefe0000
- read(4, "root:x:0:\nbin:x:1:bin,daemon\ndae"..., 1024) = 566
- read(4, "", 1024) = 0
- close(4) = 0
- munmap(0x7ffffefe0000, 4096) = 0
- open("/usr/share/locale/locale.alias", O_RDONLY) = 4
- fstat(4, {st_mode=S_IFREG|0644, st_size=2512, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffffefe0000
- read(4, "# Locale name alias data base.\n#"..., 2560) = 2512
- read(4, "", 2560) = 0
- close(4) = 0
- munmap(0x7ffffefe0000, 4096) = 0
- open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
- open("/usr/share/locale/en_US.utf8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
- open("/usr/share/locale/en_US/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
- open("/usr/share/locale/en.UTF-8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
- open("/usr/share/locale/en.utf8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
- open("/usr/share/locale/en/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
- write(2, "useradd: group 'operator' does n"..., 41useradd: group 'operator' does not exist
- ) = 41
- exit_group(6) = ?
- +++ exited with 6 +++
- [root@lume-lx-test01 ~]# strace useradd -m -s /bin/sh -u 2020 operator1
- execve("/usr/sbin/useradd", ["useradd", "-m", "-s", "/bin/sh", "-u", "2020", "operator1"], [/* 22 vars */]) = 0
- brk(0) = 0x1000
- uname({sys="Linux", node="lume-lx-test01", ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fffff070000
- access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
- open("/etc/ld.so.cache", O_RDONLY) = 3
- fstat(3, {st_mode=S_IFREG|0644, st_size=14295, ...}) = 0
- mmap(NULL, 14295, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fffff060000
- close(3) = 0
- open("/lib64/libaudit.so.1", O_RDONLY) = 3
- read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20(\0\0\0\0\0\0"..., 832) = 832
- fstat(3, {st_mode=S_IFREG|0755, st_size=141768, ...}) = 0
- mmap(NULL, 2236976, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7ffffea00000
- mprotect(0x7ffffea17000, 2097152, PROT_NONE) = 0
- mmap(0x7ffffec17000, 49152, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7ffffec17000
- close(3) = 0
- open("/lib64/libselinux.so.1", O_RDONLY) = 3
- read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320X\0\0\0\0\0\0"..., 832) = 832
- fstat(3, {st_mode=S_IFREG|0755, st_size=122040, ...}) = 0
- mmap(NULL, 2221912, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7ffffe600000
- mprotect(0x7ffffe61d000, 2093056, PROT_NONE) = 0
- mmap(0x7ffffe81c000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c000) = 0x7ffffe81c000
- mmap(0x7ffffe81e000, 1880, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7ffffe81e000
- close(3) = 0
- open("/lib64/libacl.so.1", O_RDONLY) = 3
- read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\36\0\0\0\0\0\0"..., 832) = 832
- fstat(3, {st_mode=S_IFREG|0755, st_size=31280, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fffff050000
- mmap(NULL, 2126416, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7ffffe200000
- mprotect(0x7ffffe207000, 2093056, PROT_NONE) = 0
- mmap(0x7ffffe406000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7ffffe406000
- close(3) = 0
- open("/lib64/libc.so.6", O_RDONLY) = 3
- read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0p\356\1\0\0\0\0\0"..., 832) = 832
- fstat(3, {st_mode=S_IFREG|0755, st_size=1921176, ...}) = 0
- mmap(NULL, 3750152, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7ffffde00000
- mprotect(0x7ffffdf8a000, 2097152, PROT_NONE) = 0
- mmap(0x7ffffe18a000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18a000) = 0x7ffffe18a000
- mmap(0x7ffffe18f000, 18696, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7ffffe18f000
- close(3) = 0
- open("/lib64/libdl.so.2", O_RDONLY) = 3
- read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\r\0\0\0\0\0\0"..., 832) = 832
- fstat(3, {st_mode=S_IFREG|0755, st_size=19536, ...}) = 0
- mmap(NULL, 2109696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7ffffda00000
- mprotect(0x7ffffda02000, 2097152, PROT_NONE) = 0
- mmap(0x7ffffdc02000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7ffffdc02000
- close(3) = 0
- open("/lib64/libattr.so.1", O_RDONLY) = 3
- read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\23\0\0\0\0\0\0"..., 832) = 832
- fstat(3, {st_mode=S_IFREG|0755, st_size=18712, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fffff040000
- mmap(NULL, 2113888, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7ffffd600000
- mprotect(0x7ffffd604000, 2093056, PROT_NONE) = 0
- mmap(0x7ffffd803000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7ffffd803000
- close(3) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fffff010000
- mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fffff000000
- arch_prctl(ARCH_SET_FS, 0x7fffff0007a0) = 0
- mprotect(0x7ffffd803000, 4096, PROT_READ) = 0
- mprotect(0x7ffffdc02000, 4096, PROT_READ) = 0
- mprotect(0x7ffffe18a000, 16384, PROT_READ) = 0
- mprotect(0x7ffffe406000, 4096, PROT_READ) = 0
- mprotect(0x7ffffe81c000, 4096, PROT_READ) = 0
- mprotect(0x7ffffec17000, 4096, PROT_READ) = 0
- mprotect(0x7fffff416000, 4096, PROT_READ) = 0
- mprotect(0x7fffff01f000, 4096, PROT_READ) = 0
- munmap(0x7fffff060000, 14295) = 0
- statfs("/selinux", {f_type="EXT2_SUPER_MAGIC", f_bsize=512, f_blocks=252958613, f_bfree=251133226, f_bavail=251133226, f_files=251160149, f_ffree=251133226, f_fsid={23658520, 0}, f_namelen=255, f_frsize=512}) = 0
- brk(0) = 0x1000
- brk(0x22000) = 0x22000
- open("/proc/filesystems", O_RDONLY) = 3
- fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffffeff0000
- read(3, "nodev\tautofs\nnodev\tcgroup\nnodev\t"..., 512) = 71
- read(3, "", 512) = 0
- close(3) = 0
- munmap(0x7ffffeff0000, 4096) = 0
- socket(PF_NETLINK, SOCK_RAW, 9) = 3
- fcntl(3, F_SETFD, FD_CLOEXEC) = 0
- open("/usr/lib/locale/locale-archive", O_RDONLY) = 4
- fstat(4, {st_mode=S_IFREG|0644, st_size=99158576, ...}) = 0
- mmap(NULL, 99158576, PROT_READ, MAP_PRIVATE, 4, 0) = 0x7ffff7600000
- close(4) = 0
- open("/proc/sys/kernel/ngroups_max", O_RDONLY) = 4
- read(4, "16\n", 31) = 3
- close(4) = 0
- access("/etc/shadow", F_OK) = 0
- access("/etc/gshadow", F_OK) = 0
- open("/etc/default/useradd", O_RDONLY) = 4
- fstat(4, {st_mode=S_IFREG|0600, st_size=119, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffffeff0000
- read(4, "# useradd defaults file\nGROUP=10"..., 512) = 119
- socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 5
- connect(5, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
- close(5) = 0
- socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 5
- connect(5, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
- close(5) = 0
- open("/etc/nsswitch.conf", O_RDONLY) = 5
- fstat(5, {st_mode=S_IFREG|0644, st_size=1688, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffffefe0000
- read(5, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 2048) = 1688
- read(5, "", 2048) = 0
- close(5) = 0
- munmap(0x7ffffefe0000, 4096) = 0
- open("/etc/ld.so.cache", O_RDONLY) = 5
- fstat(5, {st_mode=S_IFREG|0644, st_size=14295, ...}) = 0
- mmap(NULL, 14295, PROT_READ, MAP_PRIVATE, 5, 0) = 0x7ffffefe0000
- close(5) = 0
- open("/lib64/libnss_files.so.2", O_RDONLY) = 5
- read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360!\0\0\0\0\0\0"..., 832) = 832
- fstat(5, {st_mode=S_IFREG|0755, st_size=65928, ...}) = 0
- mmap(NULL, 2151824, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7ffff7200000
- mprotect(0x7ffff720c000, 2097152, PROT_NONE) = 0
- mmap(0x7ffff740c000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0xc000) = 0x7ffff740c000
- close(5) = 0
- mprotect(0x7ffff740c000, 4096, PROT_READ) = 0
- munmap(0x7ffffefe0000, 14295) = 0
- open("/etc/group", O_RDONLY|O_CLOEXEC) = 5
- fcntl(5, F_GETFD) = 0x1 (flags FD_CLOEXEC)
- fstat(5, {st_mode=S_IFREG|0644, st_size=566, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffffefe0000
- read(5, "root:x:0:\nbin:x:1:bin,daemon\ndae"..., 1024) = 566
- close(5) = 0
- munmap(0x7ffffefe0000, 4096) = 0
- read(4, "", 512) = 0
- close(4) = 0
- munmap(0x7ffffeff0000, 4096) = 0
- open("/etc/login.defs", O_RDONLY) = 4
- fstat(4, {st_mode=S_IFREG|0644, st_size=1816, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffffeff0000
- read(4, "#\n# Please note that the paramet"..., 2048) = 1816
- read(4, "", 2048) = 0
- close(4) = 0
- munmap(0x7ffffeff0000, 4096) = 0
- socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 4
- connect(4, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
- close(4) = 0
- socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 4
- connect(4, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
- close(4) = 0
- open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 4
- fstat(4, {st_mode=S_IFREG|0644, st_size=1116, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffffeff0000
- read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 1536) = 1116
- read(4, "", 1536) = 0
- close(4) = 0
- munmap(0x7ffffeff0000, 4096) = 0
- open("/etc/group", O_RDONLY|O_CLOEXEC) = 4
- fstat(4, {st_mode=S_IFREG|0644, st_size=566, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffffeff0000
- read(4, "root:x:0:\nbin:x:1:bin,daemon\ndae"..., 1024) = 566
- read(4, "", 1024) = 0
- close(4) = 0
- munmap(0x7ffffeff0000, 4096) = 0
- open("/etc/.pwd.lock", O_WRONLY|O_CREAT|O_CLOEXEC, 0600) = 4
- fcntl(4, F_GETFD) = 0x1 (flags FD_CLOEXEC)
- rt_sigaction(SIGALRM, {0x7ffffdeef1b0, ~[], SA_RESTORER, 0x7ffffde326a0}, {SIG_DFL, [], 0}, 8) = 0
- rt_sigprocmask(SIG_UNBLOCK, [ALRM], [], 8) = 0
- alarm(15) = 0
- fcntl(4, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=0, len=0}) = 0
- alarm(0) = 15
- rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
- rt_sigaction(SIGALRM, {SIG_DFL, [], SA_RESTORER, 0x7ffffde326a0}, NULL, 8) = 0
- getpid() = 15267
- open("/etc/passwd.15267", O_WRONLY|O_CREAT|O_EXCL, 0600) = 5
- write(5, "15267\0", 6) = 6
- close(5) = 0
- link("/etc/passwd.15267", "/etc/passwd.lock") = 0
- stat("/etc/passwd.15267", {st_mode=S_IFREG|0600, st_size=6, ...}) = 0
- unlink("/etc/passwd.15267") = 0
- open("/etc/passwd", O_RDWR) = 5
- fcntl(5, F_SETFD, FD_CLOEXEC) = 0
- fstat(5, {st_mode=S_IFREG|0644, st_size=1116, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffffeff0000
- read(5, "root:x:0:0:root:/root:/bin/bash\n"..., 1536) = 1116
- read(5, "", 1536) = 0
- open("/etc/shadow.15267", O_WRONLY|O_CREAT|O_EXCL, 0600) = 6
- write(6, "15267\0", 6) = 6
- close(6) = 0
- link("/etc/shadow.15267", "/etc/shadow.lock") = 0
- stat("/etc/shadow.15267", {st_mode=S_IFREG|0600, st_size=6, ...}) = 0
- unlink("/etc/shadow.15267") = 0
- open("/etc/shadow", O_RDWR) = 6
- fcntl(6, F_SETFD, FD_CLOEXEC) = 0
- fstat(6, {st_mode=S_IFREG, st_size=1364, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffffefe0000
- read(6, "root:$6$ue/ZiMQWrYVUXhiZ$mC.SOwu"..., 1536) = 1364
- read(6, "", 1536) = 0
- open("/etc/group.15267", O_WRONLY|O_CREAT|O_EXCL, 0600) = 7
- write(7, "15267\0", 6) = 6
- close(7) = 0
- link("/etc/group.15267", "/etc/group.lock") = 0
- stat("/etc/group.15267", {st_mode=S_IFREG|0600, st_size=6, ...}) = 0
- unlink("/etc/group.15267") = 0
- open("/etc/group", O_RDWR) = 7
- fcntl(7, F_SETFD, FD_CLOEXEC) = 0
- fstat(7, {st_mode=S_IFREG|0644, st_size=566, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffffefd0000
- read(7, "root:x:0:\nbin:x:1:bin,daemon\ndae"..., 1024) = 566
- read(7, "", 1024) = 0
- open("/etc/gshadow.15267", O_WRONLY|O_CREAT|O_EXCL, 0600) = 8
- write(8, "15267\0", 6) = 6
- close(8) = 0
- link("/etc/gshadow.15267", "/etc/gshadow.lock") = 0
- stat("/etc/gshadow.15267", {st_mode=S_IFREG|0600, st_size=6, ...}) = 0
- unlink("/etc/gshadow.15267") = 0
- open("/etc/gshadow", O_RDWR) = 8
- fcntl(8, F_SETFD, FD_CLOEXEC) = 0
- fstat(8, {st_mode=S_IFREG, st_size=480, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffffefc0000
- read(8, "root:::\nbin:::bin,daemon\ndaemon:"..., 512) = 480
- read(8, "", 512) = 0
- open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 9
- fstat(9, {st_mode=S_IFREG|0644, st_size=1116, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffffefb0000
- read(9, "root:x:0:0:root:/root:/bin/bash\n"..., 1536) = 1116
- read(9, "", 1536) = 0
- close(9) = 0
- munmap(0x7ffffefb0000, 4096) = 0
- open("/etc/group", O_RDONLY|O_CLOEXEC) = 9
- fstat(9, {st_mode=S_IFREG|0644, st_size=566, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffffefb0000
- read(9, "root:x:0:\nbin:x:1:bin,daemon\ndae"..., 1024) = 566
- read(9, "", 1024) = 0
- close(9) = 0
- munmap(0x7ffffefb0000, 4096) = 0
- time([1453923998]) = 1453923998
- open("/etc/localtime", O_RDONLY) = 9
- fstat(9, {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
- fstat(9, {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffffefb0000
- read(9, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\1\0\0\0\0"..., 512) = 118
- lseek(9, -62, SEEK_CUR) = 56
- read(9, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\1\0\0\0\0"..., 512) = 62
- close(9) = 0
- munmap(0x7ffffefb0000, 4096) = 0
- socket(PF_LOCAL, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 9
- connect(9, {sa_family=AF_LOCAL, sun_path="/dev/log"}, 110) = 0
- sendto(9, "<86>Jan 27 19:46:38 useradd[1526"..., 71, MSG_NOSIGNAL, NULL, 0) = 71
- readlink("/proc/self/exe", "/usr/sbin/useradd", 4096) = 17
- ioctl(0, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or TCGETS, {B9600 opost isig icanon echo ...}) = 0
- readlink("/proc/self/fd/0", "/dev/pts/12", 31) = 11
- lstat("/dev/pts/12", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 12), ...}) = 0
- sendto(3, "x\0\0\0\\\4\5\0\1\0\0\0\0\0\0\0op=adding group "..., 120, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = -1 ECONNREFUSED (Connection refused)
- time(NULL) = 1453923998
- time([1453923998]) = 1453923998
- sendto(9, "<86>Jan 27 19:46:38 useradd[1526"..., 117, MSG_NOSIGNAL, NULL, 0) = 117
- open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 10
- fstat(10, {st_mode=S_IFREG|0644, st_size=1116, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffffefb0000
- read(10, "root:x:0:0:root:/root:/bin/bash\n"..., 1536) = 1116
- read(10, "", 1536) = 0
- close(10) = 0
- munmap(0x7ffffefb0000, 4096) = 0
- access("/var/log/faillog", F_OK) = -1 ENOENT (No such file or directory)
- access("/var/log/lastlog", F_OK) = 0
- open("/var/log/lastlog", O_RDWR) = 10
- lseek(10, 589840, SEEK_SET) = 589840
- write(10, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 292) = 292
- fsync(10) = 0
- close(10) = 0
- ioctl(0, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or TCGETS, {B9600 opost isig icanon echo ...}) = 0
- readlink("/proc/self/fd/0", "/dev/pts/12", 31) = 11
- lstat("/dev/pts/12", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 12), ...}) = 0
- sendto(3, "p\0\0\0Z\4\5\0\2\0\0\0\0\0\0\0op=adding user i"..., 112, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = -1 ECONNREFUSED (Connection refused)
- fstat(5, {st_mode=S_IFREG|0644, st_size=1116, ...}) = 0
- fstat(5, {st_mode=S_IFREG|0644, st_size=1116, ...}) = 0
- umask(077) = 022
- open("/etc/passwd-", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 10
- umask(022) = 077
- lseek(5, 0, SEEK_SET) = 0
- read(5, "root:x:0:0:root:/root:/bin/bash\n"..., 1536) = 1116
- fstat(10, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffffefb0000
- read(5, "", 1536) = 0
- write(10, "root:x:0:0:root:/root:/bin/bash\n"..., 1116) = 1116
- fsync(10) = 0
- close(10) = 0
- munmap(0x7ffffefb0000, 4096) = 0
- utime("/etc/passwd-", [2016/01/27-18:07:18, 2016/01/27-18:07:18]) = 0
- close(5) = 0
- munmap(0x7ffffeff0000, 4096) = 0
- umask(0777) = 022
- open("/etc/passwd+", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 5
- umask(022) = 0777
- fchown(5, 0, 0) = 0
- fchmod(5, 0644) = 0
- fstat(5, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
- mmap(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffffef9f000
- write(5, "root:x:0:0:root:/root:/bin/bash\n"..., 1163) = 1163
- fsync(5) = 0
- close(5) = 0
- munmap(0x7ffffef9f000, 131072) = 0
- lstat("/etc/passwd", {st_mode=S_IFREG|0644, st_size=1116, ...}) = 0
- rename("/etc/passwd+", "/etc/passwd") = 0
- fstat(6, {st_mode=S_IFREG, st_size=1364, ...}) = 0
- fstat(6, {st_mode=S_IFREG, st_size=1364, ...}) = 0
- umask(077) = 022
- open("/etc/shadow-", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 5
- umask(022) = 077
- lseek(6, 0, SEEK_SET) = 0
- read(6, "root:$6$ue/ZiMQWrYVUXhiZ$mC.SOwu"..., 1536) = 1364
- fstat(5, {st_mode=S_IFREG, st_size=0, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffffefb0000
- read(6, "", 1536) = 0
- write(5, "root:$6$ue/ZiMQWrYVUXhiZ$mC.SOwu"..., 1364) = 1364
- fsync(5) = 0
- close(5) = 0
- munmap(0x7ffffefb0000, 4096) = 0
- utime("/etc/shadow-", [2016/01/27-18:07:19, 2016/01/27-18:07:19]) = 0
- close(6) = 0
- munmap(0x7ffffefe0000, 4096) = 0
- umask(0777) = 022
- open("/etc/shadow+", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 5
- umask(022) = 0777
- fchown(5, 0, 0) = 0
- fchmod(5, 0) = 0
- fstat(5, {st_mode=S_IFREG, st_size=0, ...}) = 0
- mmap(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffffefdf000
- write(5, "root:$6$ue/ZiMQWrYVUXhiZ$mC.SOwu"..., 1396) = 1396
- fsync(5) = 0
- close(5) = 0
- munmap(0x7ffffefdf000, 131072) = 0
- lstat("/etc/shadow", {st_mode=S_IFREG, st_size=1364, ...}) = 0
- rename("/etc/shadow+", "/etc/shadow") = 0
- fstat(7, {st_mode=S_IFREG|0644, st_size=566, ...}) = 0
- fstat(7, {st_mode=S_IFREG|0644, st_size=566, ...}) = 0
- umask(077) = 022
- open("/etc/group-", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 5
- umask(022) = 077
- lseek(7, 0, SEEK_SET) = 0
- read(7, "root:x:0:\nbin:x:1:bin,daemon\ndae"..., 1024) = 566
- fstat(5, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffffeff0000
- read(7, "", 1024) = 0
- write(5, "root:x:0:\nbin:x:1:bin,daemon\ndae"..., 566) = 566
- fsync(5) = 0
- close(5) = 0
- munmap(0x7ffffeff0000, 4096) = 0
- utime("/etc/group-", [2016/01/27-18:07:18, 2016/01/27-18:07:18]) = 0
- close(7) = 0
- munmap(0x7ffffefd0000, 4096) = 0
- umask(0777) = 022
- open("/etc/group+", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 5
- umask(022) = 0777
- fchown(5, 0, 0) = 0
- fchmod(5, 0644) = 0
- fstat(5, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
- mmap(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffffefdf000
- write(5, "root:x:0:\nbin:x:1:bin,daemon\ndae"..., 584) = 584
- fsync(5) = 0
- close(5) = 0
- munmap(0x7ffffefdf000, 131072) = 0
- lstat("/etc/group", {st_mode=S_IFREG|0644, st_size=566, ...}) = 0
- rename("/etc/group+", "/etc/group") = 0
- fstat(8, {st_mode=S_IFREG, st_size=480, ...}) = 0
- fstat(8, {st_mode=S_IFREG, st_size=480, ...}) = 0
- umask(077) = 022
- open("/etc/gshadow-", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 5
- umask(022) = 077
- lseek(8, 0, SEEK_SET) = 0
- read(8, "root:::\nbin:::bin,daemon\ndaemon:"..., 512) = 480
- fstat(5, {st_mode=S_IFREG|0600, st_size=0, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffffeff0000
- read(8, "", 512) = 0
- write(5, "root:::\nbin:::bin,daemon\ndaemon:"..., 480) = 480
- fsync(5) = 0
- close(5) = 0
- munmap(0x7ffffeff0000, 4096) = 0
- utime("/etc/gshadow-", [2016/01/27-18:07:18, 2016/01/27-18:07:18]) = 0
- close(8) = 0
- munmap(0x7ffffefc0000, 4096) = 0
- umask(0777) = 022
- open("/etc/gshadow+", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 5
- umask(022) = 0777
- fchown(5, 0, 0) = 0
- fchmod(5, 0) = 0
- fstat(5, {st_mode=S_IFREG, st_size=0, ...}) = 0
- mmap(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffffefdf000
- write(5, "root:::\nbin:::bin,daemon\ndaemon:"..., 494) = 494
- fsync(5) = 0
- close(5) = 0
- munmap(0x7ffffefdf000, 131072) = 0
- lstat("/etc/gshadow", {st_mode=S_IFREG, st_size=480, ...}) = 0
- rename("/etc/gshadow+", "/etc/gshadow") = 0
- unlink("/etc/shadow.lock") = 0
- unlink("/etc/passwd.lock") = 0
- unlink("/etc/group.lock") = 0
- unlink("/etc/gshadow.lock") = 0
- vfork( <unfinished ...>
- --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15268, si_status=127, si_utime=0, si_stime=0} ---
- <... vfork resumed> ) = 15268
- wait4(15268, [{WIFEXITED(s) && WEXITSTATUS(s) == 127}], 0, NULL) = 15268
- vfork() = 15269
- --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x7fffffeff83c} ---
- +++ killed by SIGSEGV (core dumped) +++
- Segmentation fault (core dumped)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement