Ubuntu
openssh package

folder "tommy" in /home after 10.04 install with picasa

Asked by peter massen

I have installed lucid 10.04 from DVD (ubuntu-user mag issue 6) which installs google picasa by default. A folder in /home appears with name "tommy" along with my <user> folder, permissions are owned by root, tommy contains a folder .google --- can any one tell me the story on what this "tommy" folder is for, and given the root permissions, the security implications. I cannot find anything on google search that is relevant, or on the forums (I have posted there as well)

Any info gratefully received....

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu openssh Edit question
Assignee:
No assignee Edit question
Solved by:
actionparsnip
Solved:
Last query:
Last reply:
Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#1

can you give the output of:

grep tommy /etc/passwd

Thanks

Revision history for this message
peter massen (ubuntu-newbie) said : 		#2

Well..

grep tommy /etc/passwd seems to produce no output at all !, with or without a sudo in front.....

So am not sure if tommy is a user or what...

also inside tommy are files: .bash_history .esd_auth .pulse-cookie , all of which are locked (root only)

The contents using gksudo gedit to read of .bash_history are as follows:

mkldir packs
mkdir packs
cd packs/
ls
gdebi google-chrome-stable_current_i386.deb
ll
ll
ls -ali
gdebi picasa_3.0-current_i386.deb
ls
gdebi skype-ubuntu-intrepid_2.1.0.81-1_i386.deb
ls
ls -ali
gdebi teamviewer_linux.deb
gdebi teamviewer_linux.deb
ls
rm uck_2.*
ls
./truecrypt-6.3a-setup-x86
truecrypt
pwd
ls
picasa
cd packs/
ls
gedit /etc/apt/sources.list
apt-get update
wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | sudo apt-key add -
apt-get update
sudo wget --output-document=/etc/apt/sources.list.d/medibuntu.list http://www.medibuntu.org/sources.list.d/$(lsb_release -cs).list && sudo apt-get --quiet update && sudo apt-get --yes --quiet --allow-unauthenticated install medibuntu-keyring && sudo apt-get --quiet update
gedit /etc/apt/sources.list
synaptic
apt-get install virtualbox 3.2
apt-get install VirtualBox 3.2
apt-get update
apt-get install sun-java-
apt-get install sun-java
exit
gedit /etc/apt/sources.list
gedit /etc/apt/sources.list
apt-get install virtualbox-3.2
wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | sudo apt-key add -
gedit /etc/apt/sources.list
apt-get update
apt-get install virtualbox-3.2
add-apt-repository "deb http://archive.canonical.com/ lucid partner"
apt-get update
synaptic
synaptic
ls
cd packs/
ls
ls
gdebi virtualbox-3.2_3.2.6-63112~Ubuntu~lucid_i386.deb
ps -ax
gdebi virtualbox-3.2_3.2.6-63112~Ubuntu~lucid_i386.deb
exit

So I am thinking its gota be something to do with oracles virtual box - but the security aspect still worries me.

Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#3

If the word tommy is not in the /etc/passwd file (Which is what the command looked for), then it is not a user on your system. I'd be worried too. I suggest you submit a bug stressing a MASSIVE worry over security and make a backup of the tommy folder so that it cannot be messed with. Also add on the bug that the username wasn't in /etc/passwd.

Revision history for this message
peter massen (ubuntu-newbie) said : 		#4

Thankyou actionparsnip for your answer - but you have reinforced my security worries. Sorry to sound naff, but where/how do you recommend I lodge the bug report, do I site oracle/virtual-box as the problem or google/picasa or both and on what thread (this is all a bit new to me)

Revision history for this message
Best actionparsnip (andrew-woodhead666) said : 		#5

Picasa isn't on the official repo so it wont work if you try to use picasa as the cause. Virtualbox was only installed by the account so is also a poor choice. I'd log it with:

ubuntu-bug linux

The ops will move it if it is in the wrong place

Revision history for this message
peter massen (ubuntu-newbie) said : 		#6

Thanks actionparsnip, that solved my question.