![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
sobriqueSo today, I have a helpdesk call. Logged by a helpdesk person who I shall refer to as CB, on behalf of a user who I shall refer to as CW.
The [department] directories have all been taken over by "20004" owner, they should all be owned by [userid] including legacy data as I am the only user of this data. Please change all ownership to me.
This user couldn't login to the Unix systems this morning. Neither could anyone else in his (small) department. As you may imagine, this was a cause for some concern.
The problem was found, and quickly sorted - ownership of all their department has mysteriously changed to UID "20004". Being unable to access their own home directories, login scripts etc. the system basically just dumped them back out again. Technically it didn't entirely, but it was stuffed enough that the windows enviroment they used didn't work.
And so I have been through the entire departmental share 'fixing' permissions. root where it should be, specific user where it should be, etc.
And then I got as far as looking up who UID 20004 actually was. It was CB. The guy who logged the call. It was the Unix to NT mapping for his 'NT domain admin' account.
In a brief surge of fury, I cast my eyes around for a suitable LART. Thankfully for his life expectancy, and my career, I didn't find one. But I did just pop up to the helpdesk to 'query' it.
I was greeted with "Oh, I didn't think I could change ownerships.".
Clearly what has happened, is that this directory, which is also shared as a CIFS share for convenience, has had the 'Take Ownership' button clicked on it. Why, I don't know - I can't think of a good reason for it, although I can think of a few less good reasons.
The issue gets a little uglier though - this department is technically a 'restricted' area. In the security clearance sense. Protectively marked stuff is on a stand alone fileserver, but indications of nosiness on the part of admin staff with no Need to Know is really not a good thing.
Now I'm a firm believer that people behaving like fuckwits with admin rights, really shouldn't have them any more. This, I think I shall be raising with various boss level type people.
Oh, and if anyone feels like giving their credit card a work out, please buy me this. I promise I'll use it for it's intended purpose. The best LART Evaaah
The [department] directories have all been taken over by "20004" owner, they should all be owned by [userid] including legacy data as I am the only user of this data. Please change all ownership to me.
This user couldn't login to the Unix systems this morning. Neither could anyone else in his (small) department. As you may imagine, this was a cause for some concern.
The problem was found, and quickly sorted - ownership of all their department has mysteriously changed to UID "20004". Being unable to access their own home directories, login scripts etc. the system basically just dumped them back out again. Technically it didn't entirely, but it was stuffed enough that the windows enviroment they used didn't work.
And so I have been through the entire departmental share 'fixing' permissions. root where it should be, specific user where it should be, etc.
And then I got as far as looking up who UID 20004 actually was. It was CB. The guy who logged the call. It was the Unix to NT mapping for his 'NT domain admin' account.
In a brief surge of fury, I cast my eyes around for a suitable LART. Thankfully for his life expectancy, and my career, I didn't find one. But I did just pop up to the helpdesk to 'query' it.
I was greeted with "Oh, I didn't think I could change ownerships.".
Clearly what has happened, is that this directory, which is also shared as a CIFS share for convenience, has had the 'Take Ownership' button clicked on it. Why, I don't know - I can't think of a good reason for it, although I can think of a few less good reasons.
The issue gets a little uglier though - this department is technically a 'restricted' area. In the security clearance sense. Protectively marked stuff is on a stand alone fileserver, but indications of nosiness on the part of admin staff with no Need to Know is really not a good thing.
Now I'm a firm believer that people behaving like fuckwits with admin rights, really shouldn't have them any more. This, I think I shall be raising with various boss level type people.
Oh, and if anyone feels like giving their credit card a work out, please buy me this. I promise I'll use it for it's intended purpose. The best LART Evaaah
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
Date: 2004-11-01 05:15 am (UTC)no subject
Date: 2004-11-03 12:34 am (UTC)