Troubleshooting Network Issues: A Case Study in Security
Understanding the Problem
As I surveyed the numerous diplomas adorning my client’s office walls, it struck me just how accomplished he was—three doctorates, including one in Computer Science. Yet, the situation was far from academic.
“Yesterday, someone accessed the system as root and altered the resolv.conf file,” I informed him.
His expression mirrored that of a patient receiving a complex medical diagnosis. “What does that mean?”
“That file is crucial for network functionality. Based on my observations, it's clear why you're experiencing issues. I can rectify it, but we need to uncover how this occurred to prevent future occurrences,” I explained, hoping for a constructive dialogue.
He hesitated before responding, “Only I can log in as root.”
“Did you modify the file?” I probed.
“Absolutely not!” he retorted, defensively.
I took a deep breath. “Your system accounting is active, which consumes significant disk space. You might want to consider clearing older records. Fortunately, it was enabled just last week, so…”
He interjected, “I didn’t turn it on.”
I chose my words with care. “Someone accessed the system as root and enabled it. If it wasn’t you, someone else must have the password—and access to your office—because the changes were made directly at the system console located right here.”
“My office is secure, and no one would ever think of my root password,” he asserted.
A warning bell rang in my mind. He used the phrase “think of,” not “guess.” Passwords that one “thinks of” are often easy to remember, like “CatsPyjammies,” rather than complex strings like “$3Erokg!%dfe67.” I had no knowledge of what the root password was since the console was already logged in when I arrived. Perhaps I should inquire, but I opted to hold off for now.
“Do you leave the console logged in when you step out of your office?” I pointed toward it. His annoyance was palpable.
“Of course not!”
A quick terminal command would confirm my suspicions about how long the root account had been active. Upon checking, I found that root had not logged out for an entire week.
From the information at hand, certain conclusions emerged. He consistently secures his office. The resolv.conf file had been significantly altered just the day before by someone using the console. This incident occurred during regular working hours. Either he was responsible, or someone else had entered his office and made the changes. What could be the motive? Perhaps an attempt to resolve an issue that inadvertently caused more problems. Or it could have been a prank on a rather unapproachable boss. Deliberate sabotage was also a possibility. Regardless, fixing the problem would take mere seconds, yet it seemed essential for him to comprehend that it wasn’t just a random glitch. The system accounting indicated that root had executed the changes—plain and simple.
“Let’s resolve this,” I said, proceeding to edit the file and create a backup named “saferesolv.file.” I demonstrated how it should appear and explained that in case of a repeat incident, he could restore it using the backup.
“Why would it occur again?” he inquired, seemingly puzzled.
I felt as though I was conversing with a toddler, not someone with an impressive array of qualifications. My impulse was to shout, “BECAUSE WE DON’T KNOW WHY OR HOW THIS OCCURRED!” Yet, I restrained myself, merely tilting my head and raising my eyebrows in uncertainty. I had no clear understanding of the circumstances surrounding this issue, but I had serious doubts about his claims.
Was he lying out of embarrassment? Was he simply oblivious, perhaps a product of academia who excelled in theory but struggled with practical realities? Or was he an impostor? Some combination of these factors?
I shrugged it off and prepared an invoice, requesting immediate payment, which he complied with. As I drove home, I continued to shake my head in disbelief.
The most surprising aspect? This was the second time I had been called for the same issue, and our conversation echoed the previous one. I still couldn't fathom what had transpired, and after this encounter, I never heard from him again.
Exploring Password Security in Popular Culture
The first video, "Christine Lavin - 'The Password Song'," delves into the humorous yet critical aspects of password security, highlighting how easy it is to overlook basic protocols in a light-hearted manner.
Engaging with Password Challenges
The second video, "Can you Beat The Password Game?", presents an interactive experience that tests viewers' knowledge of password security and encourages them to think critically about their own practices.