Hi Folks
I’m hoping someone can explain why the core libraries have files with -nouser or -nogroup, I’m no expert but this looks like a security breach/flaw to me:
sudo find / -nouser -o -nogroup 2>/dev/null /snap/core20/2682/run/systemd/netif /snap/core20/2682/run/systemd/netif/leases /snap/core20/2682/run/systemd/netif/links /snap/core20/2682/run/systemd/netif/lldp /snap/core20/2682/run/utmp /snap/core20/2682/usr/bin/ssh-agent /snap/core20/2682/usr/lib/dbus-1.0/dbus-daemon-launch-helper /snap/core20/2682/var/mail /snap/core20/2686/run/systemd/netif /snap/core20/2686/run/systemd/netif/leases /snap/core20/2686/run/systemd/netif/links /snap/core20/2686/run/systemd/netif/lldp /snap/core20/2686/run/utmp /snap/core20/2686/usr/bin/ssh-agent /snap/core20/2686/usr/lib/dbus-1.0/dbus-daemon-launch-helper /snap/core20/2686/var/mail /snap/core18/2976/usr/bin/ssh-agent /snap/core18/2976/usr/lib/dbus-1.0/dbus-daemon-launch-helper /snap/core18/2976/var/mail /snap/core18/2979/usr/bin/ssh-agent /snap/core18/2979/usr/lib/dbus-1.0/dbus-daemon-launch-helper /snap/core18/2979/var/mail
e.g. l /snap/core20/2682/run/systemd/netif* drwxr-xr-x 5 104 109 54 Aug 22 10:21 ./ drwxr-xr-x 10 root root 137 Aug 22 10:21 ../ drwxr-xr-x 2 104 109 3 Aug 22 10:15 leases/ drwxr-xr-x 2 104 109 3 Aug 22 10:15 links/ drwxr-xr-x 2 104 109 3 Aug 22 10:15 lldp/
l /snap/core20/2682/run/utmp -rw-rw-r–. 1 root 43 0 Aug 21 14:38 /snap/core20/2682/run/utmp
l /snap/core20/2682/usr/bin/ssh-agent -rwxr-sr-x. 1 root 105 350504 Apr 11 2025 /snap/core20/2682/usr/bin/ssh-agent*
l /snap/core20/2682/usr/bin/ssh-agent -rwxr-sr-x. 1 root 105 350504 Apr 11 2025 /snap/core20/2682/usr/bin/ssh-agent*
l /snap/core20/2682/usr/lib/dbus-1.0/dbus-daemon-launch-helper -rwsr-xr–. 1 root 103 51344 Oct 25 2022 /snap/core20/2682/usr/lib/dbus-1.0/dbus-daemon-launch-helper*
l /snap/core20/2686/var/mail/ drwxrwsr-x 2 root 8 3 Oct 29 14:34 ./
The same goes for core18
I’m very curious
Regards Bruce
–