> When I run top or rsh into this or other machines, I get something > like: > top: cannot open /dev/kmem: Permission denied > kvm_open: Permission denied > I'm worried I've been screwed. Permissions on /dev/kmem (Which > points to /devices/pseudo/mm@0:kmem) are: > crw-r----- 1 root sys 13, 1 Oct 25 11:33 mm@0:kmem > crw-r----- 1 root sys 13, 0 Oct 25 11:33 mm@0:mem /dev/mem and /dev/kmem are normally group kmem, not group sys. At least on any system I've ever looked at, which I mercifully has not included Solaris yet. Check the permissions on (say) top; if it's setgid kmem, then kmem/mem will have to be group kmem, or else world read, for it to work. Check your backups and see what group owned them there. As for this being a cracker's muddy footprints, I suppose that's possible. If someone knew an easy way into group sys but not group kmem, something like this might have been intended as a way of leaving a hole open for later. A stupid one, to be sure, because it alerted you to the problem, but I'm sure Sturgeon's Law is true of crackers too. der Mouse mouse@collatz.mcrcim.mcgill.edu