folder "tommy" in /home after 10.04 install with picasa

Asked by peter massen on 2010-12-17

I have installed lucid 10.04 from DVD (ubuntu-user mag issue 6) which installs google picasa by default. A folder in /home appears with name "tommy" along with my <user> folder, permissions are owned by root, tommy contains a folder .google --- can any one tell me the story on what this "tommy" folder is for, and given the root permissions, the security implications. I cannot find anything on google search that is relevant, or on the forums (I have posted there as well)

Any info gratefully received....

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu openssh Edit question
Assignee:
No assignee Edit question
Solved by:
actionparsnip
Solved:
2010-12-17
Last query:
2010-12-17
Last reply:
2010-12-17

can you give the output of:

grep tommy /etc/passwd

Thanks

peter massen (ubuntu-newbie) said : #2

Well..

grep tommy /etc/passwd seems to produce no output at all !, with or without a sudo in front.....

So am not sure if tommy is a user or what...

also inside tommy are files: .bash_history .esd_auth .pulse-cookie , all of which are locked (root only)

The contents using gksudo gedit to read of .bash_history are as follows:

mkldir packs
mkdir packs
cd packs/
ls
gdebi google-chrome-stable_current_i386.deb
ll
ll
ls -ali
gdebi picasa_3.0-current_i386.deb
ls
gdebi skype-ubuntu-intrepid_2.1.0.81-1_i386.deb
ls
ls -ali
gdebi teamviewer_linux.deb
gdebi teamviewer_linux.deb
ls
rm uck_2.*
ls
./truecrypt-6.3a-setup-x86
truecrypt
pwd
ls
picasa
cd packs/
ls
gedit /etc/apt/sources.list
apt-get update
wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | sudo apt-key add -
apt-get update
sudo wget --output-document=/etc/apt/sources.list.d/medibuntu.list http://www.medibuntu.org/sources.list.d/$(lsb_release -cs).list && sudo apt-get --quiet update && sudo apt-get --yes --quiet --allow-unauthenticated install medibuntu-keyring && sudo apt-get --quiet update
gedit /etc/apt/sources.list
synaptic
apt-get install virtualbox 3.2
apt-get install VirtualBox 3.2
apt-get update
apt-get install sun-java-
apt-get install sun-java
exit
gedit /etc/apt/sources.list
gedit /etc/apt/sources.list
apt-get install virtualbox-3.2
wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | sudo apt-key add -
gedit /etc/apt/sources.list
apt-get update
apt-get install virtualbox-3.2
add-apt-repository "deb http://archive.canonical.com/ lucid partner"
apt-get update
synaptic
synaptic
ls
cd packs/
ls
ls
gdebi virtualbox-3.2_3.2.6-63112~Ubuntu~lucid_i386.deb
ps -ax
gdebi virtualbox-3.2_3.2.6-63112~Ubuntu~lucid_i386.deb
exit

So I am thinking its gota be something to do with oracles virtual box - but the security aspect still worries me.

If the word tommy is not in the /etc/passwd file (Which is what the command looked for), then it is not a user on your system. I'd be worried too. I suggest you submit a bug stressing a MASSIVE worry over security and make a backup of the tommy folder so that it cannot be messed with. Also add on the bug that the username wasn't in /etc/passwd.

peter massen (ubuntu-newbie) said : #4

Thankyou actionparsnip for your answer - but you have reinforced my security worries. Sorry to sound naff, but where/how do you recommend I lodge the bug report, do I site oracle/virtual-box as the problem or google/picasa or both and on what thread (this is all a bit new to me)

Picasa isn't on the official repo so it wont work if you try to use picasa as the cause. Virtualbox was only installed by the account so is also a poor choice. I'd log it with:

ubuntu-bug linux

The ops will move it if it is in the wrong place

peter massen (ubuntu-newbie) said : #6

Thanks actionparsnip, that solved my question.