Privilege question

Similar Messages

• System and Object privileges question

  hello everyone.
  I was really making it a priority to really understand both system and object privileges for users. I have setup a couple of 'sandboxes' at home and have done lots of testing. So far, it has gone very well in helping me understand all the security involved with Oralce (which, IMHO, is flat out awesome!).
  Anyway, a couple of quick questions.
  As a normal user, what view can I use to see what permissions I have in general? what about permissions on other schemas?
  I know I can do a:
  select * from session_privs
  which lists my session privileges.
  What other views (are they views/data dictionary?) that I can use to see what I have? Since this is a normal user, they don't have access to any of the DBA_ views.
  I'll start here for now, but being able to see everything this user has, would be fantastic.
  Cheers,
  TCG

  Sorry. should have elaborated more.
  In SQLPLUS, (logged in while logged into my Linux OS), I am working to try and get sqlplus to display the results of my query so it is easy to read. Right now, it just displays using the first 1/4 or 1/3 of the monitor screen to the left. Make sense? So it does not stretch the results out to utilize the full screen. it is hard to break down and read the results because they are "stacked" on top of each other.
  Would be nice if I could adjust sqlplus so the results are easier to read.
  HTH.
  Jason

• Roles privileges question

  Version Info: Oracle version 11gR2 running on windows server 2008.
  I have a question on something that i didnt understand with regards to a role.
  I have a table called abc owned by a schema called MainSchema. I created a role in this schema called updateweb which has an update privilege granted to abc table.
  grant update on MainSchema.abc to updateweb; I granted the update privilege on the above role to another schema called webusers.
  grant updateweb to webusers; However when i run an update statement on behalf of the schema webusers on the table abc, from an asp.net webpage, i get an ora-1031 insufficient privileges.
  However if i directly grant like this
  grant update on mainschema.abc to webusers;         (from mainschema) it works.
  Why doesnt it work if used from a role???
  Thanks.

  I don't understand why almost everyone here
  - refuses to read documentation
  - refuses to use Google
  - refuses to use the 'Search' link
  - doesn't read about the Etiquette in this Forum, which includes you should consult documentation prior to posting
  Assuming the context of your unknown update statement is a stored procedure
  this question has been asked a gazillion times by people as equally lazy as you.
  It has also been answered a gazillion times by people called 'volunteers'.
  The answer has always been the same
  As roles are volatile, they are disabled during compilation of stored procedures etc.
  What works is
  - the stored procedure is in the same schema as the affected table, execute privilege can be given to a role
  - the procedure is created with 'authid current_user'
  - the worst solution: access is granted directly
  What is so special about you you think you are the only one with this non-issue?
  Sybrand Bakker
  Senior Oracle DBA

• Manage Privileges Question

  Hello friends,
  Is possible to view personal folders of other users?? I have administrator of my obiee and when I go to Manage Catalog and then My Folders and I click on users I can see all users but I can't click in their folders, is possible to have access there?
  And a second question, is possible to do privileges one user to view dashboards but this user not see shared folders? (Reports of these dashboards are in shared folders).
  Thank you!
  Edited by: Alex1 on 25-feb-2009 2:01

  Alex,
  This is something you should experiment with, however, I thought that you should be able to do both. OK, I just tried fulfilling your first request and failed. For some reason, I could only view 1 user's "My Folder". For the second, I think it won't work - since user should have access to the reports - on the Dashboard - he'd get a message like "Permission denied" - it's by design.
  Alex, if you post a summary of your security requirements, I think there could be workarounds. Anyone, please feel free to comment, but I think it's "not possible to both".

• Granting Privileges question

  This is not a duplicate post. User Wilhem posted it in the wrong forum.
  In the below mentioned link, user CD has provided a quick way to grant privileges to another user. But it didn't work for me. Is there something wrong with with the DECODE expressions?
  Re: Granting Privileges question

  Instead of granting privileges to a user, i wanted to grant these privileges to a role. So i created a role
  CREATE ROLE jenrole;
  And then i tried the below mentioned script. But i am getting error
  DECLARE
  v_sql VARCHAR2(4000);
  BEGIN
  FOR obj IN (SELECT object_name
  , object_type
  , DECODE (OBJECT_TYPE,
  'PROCEDURE','EXECUTE',
  'FUNCTION' ,'EXECUTE',
  'PACKAGE' ,'EXECUTE',
  'SYNONYM' ,'SELECT' ,
  'SELECT, INSERT, UPDATE, DELETE') rights
  FROM user_objects)
  LOOP
  v_sql := 'GRANT '|| obj.rights ||' ON '|| obj.object_name ||' TO JENROLE' ;
  dbms_output.put_line(v_sql);
  EXECUTE IMMEDIATE v_sql; END LOOP;
  END;
  ERROR at line 1:
  ORA-00911: invalid character
  ORA-06512: at line 16
  Why am i getting error? The error line is boldened

• Object privilege question

  Hi, the oracle documentation says:
  A user automatically has all object privileges for schema objects contained in his or her schema. A user can grant any object privilege on any schema object he or she owns to any other user or role. A user with the GRANT ANY OBJECT PRIVILEGE can grant or revoke any specified object privilege to another user with or without the GRANT OPTION of the GRANT statement. Otherwise, the grantee can use the privilege, but cannot grant it to other users.
  For example, assume user SCOTT has a table named t2:
  SQL>GRANT grant any object privilege TO U1;
  SQL> connect u1/u1
  Connected.
  SQL> GRANT select on scott.t2 \TO U2;
  SQL> SELECT GRANTEE, OWNER, GRANTOR, PRIVILEGE, GRANTABLE FROM DBA_TAB_PRIVS
  WHERE TABLE_NAME = 'employees';
  GRANTEE                        OWNER                                GRANTOR                        PRIVILEGE                            GRA
  U2                             SCOTT                              SCOTT                          SELECT                                NONow this confuses me. Surely it is U1 who is the grantor, and not Scott, no??

  Oracleguy,
  I do got your point but I guess the right reason for this would be this only that even though the user U1 didn't have the privilege and could grant it only because of Grant Any Object priv, he is not shown as the grantor but Scott does!
  [oracle@edhdr1p0-prod sqlplus]$ sqlplus / as sysdba
  SQL*Plus: Release 11.2.0.1.0 Production on Thu Feb 18 09:19:39 2010
  Copyright (c) 1982, 2009, Oracle.  All rights reserved.
  Connected to:
  Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
  With the Partitioning, OLAP, Data Mining and Real Application Testing options
  SQL> create user u1 identified by u1;
  User created.
  SQL> grant create session, create table to u1;
  Grant succeeded.
  SQL> conn u1/u1
  Connected.
  SQL> select * from tab;
  no rows selected
  SQL> conn scott/tiger
  Connected.
  SQL> create table t2( a number);
  Table created.
  SQL> conn  / as sysdba
  Connected.
  SQL> grant grant any object privilege to u1;
  Grant succeeded.
  SQL> conn u1/u1
  Connected.
  SQL> select * from scott.t2
    2  ;
  select * from scott.t2
  ERROR at line 1:
  ORA-01031: insufficient privileges
  SQL> grant select on scott.t2 to system;
  Grant succeeded.
  SQL> conn / as sysdba
  Connected.
  SQL>  SELECT GRANTEE, OWNER, GRANTOR, PRIVILEGE, GRANTABLE FROM DBA_TAB_PRIVS
  WHERE TABLE_NAME = 'T2';
  WHERE TABLE_N 'T2'
  ERROR at line 2:
  ORA-00920: invalid relational operator
  SQL> SELECT GRANTEE, OWNER, GRANTOR, PRIVILEGE, GRANTABLE FROM DBA_TAB_PRIVS
    2  where table_name='T2';
  GRANTEE                        OWNER
  GRANTOR                        PRIVILEGE                                GRA
  SYSTEM                         SCOTT
  SCOTT                          SELECT                                   NO
  SQL>
  Now, when I explicitly give the priv to U1 and than he grants it, he is shown as the Grantee
  Sorry, I didn't realize that its still Scott only which is shown at both the places.
  USER is "SYS"
  SQL> grant select on scott.t2 to U1;
  Grant succeeded.
  SQL> conn u1/u1
  Connected.
  SQL> grant select on scott.t2 to system;
  Grant succeeded.
  SQL> conn / as sysdba
  Connected.
  SQL> SELECT GRANTEE, OWNER, GRANTOR, PRIVILEGE, GRANTABLE FROM DBA_TAB_PRIVS
  WHERE TABLE_NAME = 'T2';   2 
  GRANTEE                        OWNER
  GRANTOR                        PRIVILEGE                                GRA
  SYSTEM                         SCOTT
  SCOTT                          SELECT                                   NO
  U1                             SCOTT
  SCOTT                          SELECT                                   NO
  SQL> Update:
  Oracleguy,
  This is what I found about this priv from docs,
  http://download.oracle.com/docs/cd/E11882_01/server.112/e10592/statements_9013.htm#i2077938
  GRANT ANY OBJECT PRIVILEGE
       Grant any object privilege that the object owner is permitted to grant.So I guess this should explain what is being shown in the view. Since the owner is Scott who is permitted to grant the privilege , its his name which is shown here since its his privilege which is passed to the second user. Does that sounds like a reasonable explanation?
  HTH
  Aman....
  Edited by: Aman.... on Feb 18, 2010 9:36 AM
  Edited by: Aman.... on Feb 18, 2010 11:55 AM added update

• Administrator privileges question

  I recently restored my start up drive (from Time Machine drive) after upgrading to snow leopard.
  By accident I created another user account in my computer. So then I logged in in my desired account and deleted the new one that was created by accident.
  I dont know if it a new feature of SL but I see that some folders have a red dash meaning there are not accessible. When I click on them it says it cannot open because I don't have privileges...
  did I mess it up?
  There are a few of them but I would like to know if I can remove these red dashes from the folders so they are accessible.
  Thanks

  Which folders are they? You can try clicking on the folder > Right Click > Get Info. At the bottom, you will see the privileges, click the "+" button and add yourself with Read/Write. That may work.

• While loading ITunes Igot this messege, Service "Apple Mobile Device" failed to start. Verify that you have sufficient privileges to start system services. My question is, How do I verify if I have sufficient privileges?

  While loading ITunes I got this messege, Service "Apple Mobile Device" failed to start. Verify that you have sufficient privileges to start system services. My question is, How do I verify if I have sufficient privileges?

  Hello hurleygirl63,
  Thank you for the details of the issue you are experiencing with iTunes.  I recommend following the steps in the article below:
  How to restart the Apple Mobile Device Service (AMDS) on Windows
  http://support.apple.com/kb/TS1567
  Thank you for using Apple Support Communities.
  Best,
  Sheila M.

• Question on Privileges to Approve Items

  AS PER PORTAL'S ONLINE HELP, ONLY "FOLDER OWNERS" OR "CONTENT AREA ADMINISTRATOR" CAN APPROVE ITEMS CREATED BY A USER WITH "CREATE W/APPROVAL" PRIVILEGE.
  BUT I NOTICED THAT USERS WITH "MANAGE ITEMS" PRIVILEGE CAN ALSO SEE AND APPROVE THE ABOVE ITEMS.
  IS THIS CORRECT BEHAVIOUR?
  I AM USING PORTAL 3.0.9 / W2000
  TKS!!!

  The reason for the parsing (I thought I explained it, must have been too vague) is I have about 30 agencies in a csv file.
  Each agency can be determined by their subnet(s) and domain(s)
  I need to put all lines in the csv relating to each agency in their own separate csv file to distribute to them so I am not sharing agency 'A' info with the other 29 agencies.
  I get the regex comment. Thank you. For some reason I am rather hesitant to use PCRE under windows. I'll see how it works.
  Your comment on "Reloading a large file repeatedly takes more time", is the exact reason why I asked the question. I want to get away from that.
  I appreciate your quick reply, I think your example will work nicely. 
  -= Bruce

• General Questions about Oracle Roles/Privileges

  Hi,
  I have a few questions I'm hoping to get clarification on:
  1 - Is there a view similar to DBA_SYS_PRIVS/DBA_TAB_PRIVS that shows which system privileges have been assigned to users/accounts ONLY, filtering out roles? If not, how would one go about obtaining this list?
  2 - Is there a view similar to DBA_ROLE_PRIVS that shows also just shows which users have been assigned to which roles ONLY, again filtering out roles? If not, how would one go about obtaining this list? I assume some type of recursion has to be done here to flatten out the roles.
  My end goal is this:
  - List of all users and directly assigned system privileges only
  - List of all users and directly assigned table/object privileges only
  - List of all users and all roles (if role X contains role Y, this list should show user has role X and Y)
  Many thanks!

  1 - Is there a view similar to DBA_SYS_PRIVS/DBA_TAB_PRIVS that shows which system privileges have been assigned to users/accounts ONLY, filtering out roles? If not, how would one go about obtaining this list?
  it's simple:
  select grantee, privilege from dba_sys_privs where grantee in (select username from dba_users);
  select grantee, owner, table_name, privilege from dba_tab_privs where grantee in (select username from dba_users);
  2 - Is there a view similar to DBA_ROLE_PRIVS that shows also just shows which users have been assigned to which roles ONLY, again filtering out roles? If not, how would one go about obtaining this list? I assume some type of recursion has to be done here to flatten out the roles.
  select grantee, granted_role from dba_role_privs where grantee in (select username from dba_users);
  select grantee, granted_role from dba_role_privs where grantee in (select role from dba_roles);Hope this helps...

• Privilege and roles Question

  Hi All
  I did a queries
  SELECT GRANTEE, PRIVILEGE,GRANTABLE FROM DBA_TAB_PRIVS
  WHERE TABLE_NAME='TABLE1' AND GRANTEE IN ('USER1', 'USER_ROLE');
  GRANTEE        PRIVILEGE       GRANTABLE
  USER1 SELECT NO
  USER1 INSERT NO
  USER1 DELETE NO
  USER1 UPDATE NO
  USER_ROLE SELECT YES
  USER_ROLE INSERT YES
  USER_ROLE DELETE YES
  USER_ROLE UPDATE YES
  SELECT 'ROLE' TYP, GRANTEE, GRANTED_ROLE, ADMIN_OPTION FROM DBA_ROLE_PRIVS WHERE GRANTEE ='USER1';
  TYP      GRANTEE   GRANTED_ROLE   ADMIN_OPTION
  ROLE USER1 CONNECT NO
  ROLE USER1 RESOURCE NO
  ROLE USER1 USER_ROLE NO
  My question is since the USER1 is granted the role of USER_ROLE, will it cause conflict to the table privilege?
  Because I can't perform Insert when I'm using USER1. It give me an error of ORA-01031L insufficent privileges SQL source: ..

  Since you did not mention how you are performing the Inserts/DML's on the TABLE1, and you are facing privileges issues, I presume you are performing it from a PL/SQL Block. However, the priviliges acquired via a Role are not valid in Function/Procedure. You need to have explicit privileges to perform an action in Function/Procedure.
  Even without the privilege, you would be able to perform the Inserts/DML's as in static SQL statements that are not contained in PL/SQL blocks.
  Try:
  grant insert on table1 to user1;

• Question - "you do not have enough access privileges" error message when trying to sync and downloads music?

  Question - error message when trying to sync and download music iPhone. 

  Same problem with my iphone too
  is ur problem resolved?

• Error question - access privileges

  I used to be able to save and edit my work in photoshop elements 9. Now I get an error message that reads:
  "could not save... because you do not have the necessary access privileges"
  Can anyone help me figure this out? I was first told that I needed to create an Adobe account. Which I did, but I could not log onto that either.
  Thanks,
  buzobuzo1

  First check the save as window to see where you are saving. Has that location gotten changed?

• ASA VPN QUESTION

  Hi All
  The question is pretty simple. I can successfully connect  to my ASA 5505  firewall via cisco vpn client 64 bit , i can ping any ip  address on the LAN behind ASA but none of the LAN computers can see or  ping the IP Address which is assigned to my vpn client from the ASA VPN  Pool.
  The LAN behind ASA is 192.168.0.0 and the VPN Pool for the cisco vpn client is 192.168.30.0
  I would appreciate some help pls
  Here is the config:
  ASA Version 7.2(4)
  hostname ciscoasa
  domain-name default.domain.invalid
  enable password J7NxNd4NtVydfOsB encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  name 192.168.0.11 EXCHANGE
  name x.x.x.x WAN
  name 192.168.30.0 VPN_POOL2
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.0.1 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address WAN 255.255.255.252
  interface Ethernet0/0
  switchport access vlan 2
  <--- More --->
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  boot system disk0:/asa724-k8.bin
  ftp mode passive
  clock timezone EEST 2
  clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
  dns server-group DefaultDNS
  domain-name default.domain.invalid
  object-group protocol TCPUDP
  protocol-object udp
  protocol-object tcp
  access-list nk-acl extended permit tcp any interface outside eq smtp
  access-list nk-acl extended permit tcp any interface outside eq https
  access-list customerVPN_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0
  access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 VPN_POOL2 255.255.255.0
  access-list inside_access_in extended permit ip any any
  access-list VPN_NAT extended permit ip VPN_POOL2 255.255.255.0 192.168.0.0 255.255.255.0
  pager lines 24
  logging enable
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  ip local pool VPN_POOL2 192.168.30.10-192.168.30.90 mask 255.255.255.0
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-524.bin
  no asdm history enable
  arp timeout 14400
  global (inside) 10 interface
  global (outside) 1 interface
  nat (inside) 0 access-list inside_nat0_outbound
  nat (inside) 1 0.0.0.0 0.0.0.0
  nat (outside) 10 access-list VPN_NAT outside
  static (inside,outside) tcp interface smtp EXCHANGE smtp netmask 255.255.255.255
  static (inside,outside) tcp interface https EXCHANGE https netmask 255.255.255.255
  access-group inside_access_in in interface inside
  access-group nk-acl in interface outside
  route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  aaa authentication enable console LOCAL
  aaa authentication http console LOCAL
  aaa authentication serial console LOCAL
  aaa authentication ssh console LOCAL
  aaa authentication telnet console LOCAL
  aaa authorization command LOCAL
  http server enable
  http 192.168.0.0 255.255.255.0 inside
  snmp-server host inside 192.168.0.16 community public
  no snmp-server location
  no snmp-server contact
  snmp-server community public
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto dynamic-map outside_dyn_map 20 set pfs group1
  crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
  crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
  crypto map outside_map interface outside
  crypto isakmp enable outside
  crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto isakmp nat-traversal  20
  telnet 192.168.0.0 255.255.255.0 inside
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  dhcp-client client-id interface outside
  dhcpd dns 217.27.32.196
  dhcpd address 192.168.0.100-192.168.0.200 inside
  dhcpd dns 192.168.0.10 interface inside
  dhcpd enable inside
  group-policy DfltGrpPolicy attributes
  banner none
  wins-server none
  dns-server none
  dhcp-network-scope none
  vpn-access-hours none
  vpn-simultaneous-logins 3
  vpn-idle-timeout 30
  vpn-session-timeout none
  vpn-filter none
  vpn-tunnel-protocol IPSec l2tp-ipsec
  password-storage disable
  ip-comp disable
  re-xauth disable
  group-lock none
  pfs disable
  ipsec-udp disable
  ipsec-udp-port 10000
  split-tunnel-policy tunnelall
  split-tunnel-network-list none
  default-domain none
  split-dns none
  intercept-dhcp 255.255.255.255 disable
  secure-unit-authentication disable
  user-authentication disable
  user-authentication-idle-timeout 30
  ip-phone-bypass disable
  leap-bypass disable
  nem disable
  backup-servers keep-client-config
  msie-proxy server none
  msie-proxy method no-modify
  msie-proxy except-list none
  msie-proxy local-bypass disable
  nac disable
  nac-sq-period 300
  nac-reval-period 36000
  nac-default-acl none
  address-pools none
  smartcard-removal-disconnect enable
  client-firewall none
  client-access-rule none
  webvpn
    functions url-entry
    html-content-filter none
    homepage none
    keep-alive-ignore 4
    http-comp gzip
    filter none
    url-list none
    customization value DfltCustomization
    port-forward none
    port-forward-name value Application Access
    sso-server none
    svc none
    svc keep-installer installed
    svc keepalive none
    svc rekey time none
    svc rekey method none
    svc dpd-interval client none
    svc dpd-interval gateway none
    svc compression deflate
  group-policy customerVPN internal
  group-policy customerVPN attributes
  dns-server value 192.168.0.10
  vpn-tunnel-protocol IPSec
  password-storage enable
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value customerVPN_splitTunnelAcl
  default-domain value customer.local
  username xxx password 8SYsAcRU4s6DpQP1 encrypted privilege 0
  username xxx attributes
  vpn-group-policy TUNNEL1
  username xxx password C6M4Xy7t0VOLU3bS encrypted privilege 0
  username xxx attributes
  vpn-group-policy PAPAGROUP
  username xxx password RU2zcsRqQAwCkglQ encrypted privilege 0
  username xxx attributes
  vpn-group-policy customerVPN
  username xxx password zfP8z5lE6WK/sSjY encrypted privilege 15
  tunnel-group customerVPN type ipsec-ra
  tunnel-group customerVPN general-attributes
  address-pool VPN_POOL2
  default-group-policy customerVPN
  tunnel-group customerVPN ipsec-attributes
  pre-shared-key *
  tunnel-group-map default-group DefaultL2LGroup
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
  service-policy global_policy global
  prompt hostname context
  Cryptochecksum:a4dfbb82008f78756fe4c7d029871ec1
  : end
  ciscoasa#                           

  Well lots of new features have been hinted at for ASA 9.2 but I've not seen anything as far as an Engineering Commit or Customer Commit for that feature.
  Site-site VPN in multiple context mode was added in 9.0(1) and I have customers have been asking for the remote access features as well.
  I will remember to ask about that at Cisco Live next month.

• Is there any way to contact verizon with a detailed cell phone technical support question?

  Is there any way to contact Verizon with a detailed cell phone technical support question?  I prefer e-mail so as to provide details (like I am trying to provide here).  I have tried in-store personnel (no help at all) and the web chat - they just want to see me more data instead of helping me with my basic problem!
  I CAN NOT GET ANYONE FROM VERIZON TO GIVE ME ANY HELP NOR CAN I FIND A WAY TO FILE A COMPLAINT.  AT THIS POINT I JUST WANT TO DROP MY VERIZON ACCOUNT BUT I'M SURE THAT IT WILL COST ME A SMALL FORTUNE TO GET OUT OF IT.
  Here is my issue:
  Chat transcript removed as required by the Verizon Wireless Terms of Service
  BELOW IS A SCREEN COPY FROM REDDIT ABOUT SOMEONE WITH THE SAME PROBLEM WITH A VERIZON CELL PHONE
  So last night my RAZR MAXX HD did something totally bewildering by spontaneously downloading 2.6 GB of data over the course of ~ 3 hours. Fortunately I was able to catch this problem before it ended up being really expensive, but I still exceeded my 2 GB data plan by 600MB.
  The Culprits:
  Reddit News Free: 160 MB foreground / 0.96 GB background
  Android OS: 0 MB foreground / 1.18 GB background
  Several unnamed applications: ~ 350 MB
  Screenshots:
  The massive data spike
  Android OS data usage
  Reddit News Free data usage
  Weird unnamed processes
  Detailed timeline:
  5:12 PM: Incident begins according to VZW data usage website (2.60410 GB used). This is around the last time that I used my phone at the laundromat before getting dinner and watching Game of Thrones.
  8:04 PM: 50% of data allowance used (txt msg)
  8:31 PM: 75% of data allowance used (txt msg)
  8:58 PM: 90% of data allowance used (txt msg)
  9:13 PM: 100% of data allowance used (txt msg)
  10:05 PM: Got the text messages and immediately put the phone into airplane mode
  10:30 PM: Took screenshots
  10:45 PM: Enabled wifi, installed Kaspersky premium. Scan returned no threats.
  11:00 PM: Left phone in airplane mode, went to sleep.
  The questions:
  What was the root cause of this issue? Did Reddit News freak out as a result of an esoteric bug or was my phone hacked?
  If this was a simple Reddit News bug, then why was the Android OS also trying to use such a massive amount of background data?
  What the hell are these unnamed numeric applications? I've inspected my process history and this is the first time they have ever attempted to use data.
  I'm pretty sure that I can explain this situation to Verizon and get out of having to pay additional data usage fees, but I would like to know more about the problem before I get in touch with them.
  all 13 comments
  best 
  [–]omgmrjmako/PA, deb/Carbon 3 points 1 year ago*
  All I can think is your phone may have background downloaded an OTA update, and you'd then be prompted with something like, "As update to your Android system has been downloaded, would you like to install it now?"
  I do find it very odd that the update would be 2.6GB. As a rough base, the CyanogenMod 10.1 firmware for your device is well under 200MB, so unless Verizon has a ****-ton of bloatware in the update, or it had to attempt to download multiple times for some reason, it may be a stretch.
  But doing a little homework, it looks like the Verizon Razr Maxx was updated to 4.1 in late March. Maybe they're still rolling it out in waves? Have you gotten the update yet?
  Edit: Aaaand I just noticed you appear to be running an AOSP-based ROM, which totally rules out a carrier update being sent out.
  Edit2: If you want to live dangerously, you could try running:
  #kill -9 12289
  That 12289 is the PID listed in your screenshot. But don't run that without fulling understanding the kill command.
  The ps command could also be of use, but probably not.
  permalink
  [–]lechnito[S] 2 points 1 year ago
  I can confirm that the phone is currently at 4.1.2 and that I wasn't prompted for an OTA update.The fact that both the Android OS and Reddit News processes were simultaneously using an extremely large amount of data is unlikely to be a coincidence... 
  permalink
  parent
  [–]omgmrjmako/PA, deb/Carbon 3 points 1 year ago
  That is very curious that the spikes happened at the same time.I'm curious. It may have put at least some of that 2.6GB somewhere. You could use a data visualizer tool to see if you can find it, which may lead to more clues. 
  permalink
  parent
  [–]lechnito[S] 2 points 1 year ago
  The largest directories are:
  DCIM: Normal looking photos (90,825 KB)
  Android: Primarily map cache data (64,846 KB)
  If it was downloading content then it did not significantly save content to storage. It's not like I have anything particularly sensitive on the phone, but the idea that it was uploading a snapshot of my data definitely makes me uncomfortable.
  permalink
  parent
  [–]omgmrjmako/PA, deb/Carbon 2 points 1 year ago
  Yup, Digital Camera IMages and videos.Somewhere in /sdcard/Android would be my guess as to where a mysterious file would be downloaded, but if it's only 64MB, and mostly map data, I'd safely rule it out.I'm sorry, but I'm stumped here.Edit: I should mention I don't think this is malware, because unless a malicious app gained superuser access, any data it used would show under it's own apk in the data usage list, not Android OS. 
  permalink
  parent
  [–]mistrbrownstone 0 points 1 year ago
  DCIM: Normal looking photos (90,825 KB)
  Was it trying to auto-upload pictures or video to G+?I ******* hate that.
  permalink
  parent
  [–]lechnito[S] 1 point 1 year ago
  Although I'm not really up to speed with the Android platform, I come from a UNIX background so I feel comfortable running commands. How do I pull up a bash terminal? Do I need to root the phone first? 
  permalink
  parent
  [–]omgmrjmako/PA, deb/Carbon 2 points 1 year ago
  There's a number of terminal emulators in the Play Store that work well. You don't need a rooted phone to get to the shell as your user, but any privileged command won't execute unless you can grant it permission from the Superuser app that is installed when you root the device. So you could probably do a ps -e, but not a kill -9. 
  permalink
  parent
  [–]lechnito[S] 1 point 1 year ago
  Got it. I downloaded a terminal emulator but unfortunately those processes no longer exist.Does Android keep a generic log of system level events like /var/log/syslog? 
  permalink
  parent
  [–]omgmrjmako/PA, deb/Carbon 2 points 1 year ago
  I don't think so, and I know you'd need superuser permission to read most of the files in /var/log anyway. I'm not super familiar with how Android does its logging, but I do know that the two files of interest are the logcat and dmesg. 
  permalink
  parent
  [–]sh0nuff 1 point 1 year ago
  Want to mention here that using your settings to set your data cap (set it on your billing day), then you won't go over again.Those text messages are really unhelpful, as they send out well after the data has been used. Chances are good you hit close to the 2GB mark before you received the bulk of the messages. 
  permalink
  [–]kindofabuzz -4 points 1 year ago
  Quit installing pirated apps. 
  permalink
  [–]lechnito[S] 1 point 1 year ago
  That's definitely not the case here; both my PC and and Android phone are free from pirated apps.

  You used the data.  Verizon can not see what it was sued for.  However your phone can see whats apps used the data.  go to settings-data usage- there will be a place that says data usage cycle.  line the dates up with your cycle.  then there will be a bar graph below that   extend bother white bars one all the way to the left and one all the way to the right.  after those are extended below that will be a list of apps,  there should be one that used over 2 gb and that will show you what app used that data in her purse