你能核實一個數字用戶ID嗎——任何有SSH存取權的人都可以在他們的系統上查看嗎？

itteam · 2025年12月01日14:58

ls -l /usr/local

/etc 和 /sbin 是否有 user 1012，且最後更新日期為 10 月 24 日，並且有進行過夜間更新檢查？

ls -l /usr/local/etc
ls -l /usr/local/etc/netatalk

netatalk 和 uams 是否都屬於同一個 user 1012？

我的使用者通常從 1001 開始，所以看到這些系統檔案的擁有者:群組是

jimbob:1012

我檢查了另一台機器，發現是 1012:1012，所以我相當確定這不是惡意行為，只是想請其他人再確認一下。

OneCD · 2025年12月02日04:13

[~] # head -n7 /etc/config/uLinux.conf
[System]
Model = TS-X51
Internal Model = TS-X51
Server comment =
Version = 5.2.7
Build Number = 20251024
Number = 3297

[~] # ls -l /usr/local
total 0
lrwxrwxrwx  1 admin administrators   19 2025-12-02 12:45 apache -> /mnt/ext/opt/apache/
drwxr-xr-x  2 admin administrators 2240 2025-12-02 12:46 bin/
drwxr-xr-x  4  1012           1012   80 2025-10-24 15:13 etc/
drwxrwxrwx  3 admin administrators   60 2025-12-02 12:46 fs/
drwxr-xr-x  3 admin administrators   80 2025-12-02 12:43 include/
drwxr-xr-x  3 admin administrators   60 2025-10-24 16:37 lan/
drwxr-xr-x  5 admin administrators 2440 2025-12-02 12:45 lib/
drwxr-xr-x  3 admin administrators   60 2025-10-24 14:02 lib64/
lrwxrwxrwx  1 admin administrators   20 2025-12-02 12:43 mariadb -> /mnt/ext/opt/mariadb/
lrwxrwxrwx  1 admin administrators   58 2025-12-02 12:45 medialibrary -> /share/CACHEDEV1_DATA/.qpkg/MultimediaConsole/medialibrary/
lrwxrwxrwx  1 admin administrators   31 2025-12-02 22:41 modules -> ../..//lib/modules/5.10.60-qnap/
drwxr-xr-x 30 admin administrators  760 2025-10-24 14:51 network/
drwxr-xr-x  3 admin administrators   60 2025-12-02 12:43 Python3/
drwxr-xr-x  4 admin administrators   80 2025-10-24 15:27 qmigrate/
lrwxrwxrwx  1 admin administrators   18 2025-12-02 12:43 samba -> /mnt/ext/opt/samba/
drwxr-xr-x  3  1012           1012 1800 2025-12-02 12:46 sbin/
drwxr-xr-x  3 admin administrators  120 2025-10-24 16:38 share/
drwxr-xr-x  2 admin administrators 1900 2025-10-24 15:27 sys_sound/
drwxr-xr-x  7 admin administrators  140 2025-10-24 15:14 ups/

[~] # ls -l /usr/local/etc
total 0
drwxr-xr-x 3  1012           1012 180 2012-10-17 22:14 netatalk/
drwxr-xr-x 3 admin administrators  60 2025-10-24 15:13 snmp/

[~] # ls -l /usr/local/etc/netatalk/
total 32
-rw-r--r-- 1 admin administrators 11256 2011-03-03 15:24 afpd.conf
-rw-r--r-- 1 admin administrators  5009 2005-09-23 16:56 AppleVolumes.default
-rw-r--r-- 1 admin administrators     0 2012-10-17 22:14 AppleVolumes.system
-rw-r--r-- 1 admin administrators  1059 2004-09-17 17:21 atalkd.conf
-rw-r--r-- 1 admin administrators  1016 2005-11-14 21:05 netatalk.conf
-rw-r--r-- 1 admin administrators  1479 2004-09-17 17:21 papd.conf
drwxr-xr-x 2  1012           1012   200 2025-10-24 15:28 uams/

[~] # cat /etc/passwd 
admin:x:0:0:administrator:/share/homes/admin:/bin/sh
guest:x:65534:65534:guest:/tmp:/bin/sh
httpdusr:x:99:0:Apache httpd user:/tmp:/bin/sh
[sshd]:x:110:65534:SSHD Privilege Separation:/var/empty:/bin/sh
onecd:x:1000:100:Linux User,,,:/share/homes/onecd:/bin/sh

[~] # cat /etc/group 
administrators:x:0:admin
everyone:x:100:admin,onecd
guest:x:65534:guest

看起來沒問題。

itteam · 2025年12月02日10:31

謝謝你非常感謝你花時間幫忙消除恐懼！

SteveKo · 2025年12月03日08:51

感謝您的回報！