[vox-tech] Purpose of "nobody" user?

Rod Roark rod at sunsetsystems.com
Fri Jun 23 11:50:20 PDT 2006


On Friday 23 June 2006 11:14, Bill Kendrick wrote:
...
> For the life of me, I couldn't really explain _what_ "nobody" is used for.
> I'm familiar with it in terms of NCSA httpd and Apache, but beyond that...
> A little help, here?  :^D

I'll take a stab at this.

The way I would explain it is that a *nix system has a variety of users
that are non-human.

They are users in the sense that they run processes that do not require
privileges to other parts of the system, and they maintain resources
(e.g. files and directories) to which other parts of the system do not
need access.  Therefore it is convenient and sensible to isolate them
from human users and from each other in the same way that human users
are isolated from each other.

The general idea is that your system is more secure if access is not
granted where it is not needed.  A non-human user may be a security
risk if, for example, it runs a program containing a flaw that lets
someone break in and run tasks with the privileges of that user.

I suppose someone chose the name "nobody" for one of these users
simply to emphasize that it's not human.  But there are many other
examples of such users, like apache, bind, daemon, mail, mysql and
news.

I hope this is not too condescending... I wrote it this way so that
newbies may also find it useful.

Rod
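
Added example, not part of the original post: a small audit that checks whether the non-human accounts described above are actually isolated, by flagging service accounts that can log in and service accounts shared by several daemons. The passwd lines, process list, UID threshold and nobody UID are constructed sample values and assumptions, not taken from any real system.

```python
# Constructed sample data: passwd(5)-format lines and (owner, command) pairs.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
mysql:x:105:110:MySQL Server:/var/lib/mysql:/bin/bash
bind:x:106:111::/var/cache/bind:/usr/sbin/nologin
bill:x:1000:1000:Bill:/home/bill:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
"""
PROCESSES = [("root", "sshd"), ("mysql", "mysqld"), ("bind", "named"),
             ("nobody", "httpd"), ("nobody", "tftpd"), ("bill", "bash")]

NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}
HUMAN_UID_MIN = 1000  # assumption: common distro convention, varies by system
NOBODY_UID = 65534    # assumption: common value for "nobody", varies by system


def parse_passwd(text):
    """Return {name: (uid, shell)}; lines without 7 fields are skipped."""
    accounts = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7:
            accounts[fields[0]] = (int(fields[2]), fields[6])
    return accounts


def is_service(uid):
    # root (uid 0) is neither human nor an unprivileged service account
    return 0 < uid < HUMAN_UID_MIN or uid == NOBODY_UID


def audit(passwd_text, processes):
    accounts = parse_passwd(passwd_text)
    findings = []
    # A service account never needs an interactive login.
    for name, (uid, shell) in sorted(accounts.items()):
        if is_service(uid) and shell not in NOLOGIN_SHELLS:
            findings.append(f"{name}: service account with login shell {shell}")
    # Daemons sharing one uid can signal each other and touch each other's
    # files, so they are no longer isolated from each other.
    by_user = {}
    for user, cmd in processes:
        if user in accounts and is_service(accounts[user][0]):
            by_user.setdefault(user, set()).add(cmd)
    for user, cmds in sorted(by_user.items()):
        if len(cmds) > 1:
            findings.append(f"{user}: shared by {', '.join(sorted(cmds))}")
    return findings
```

Calling audit(PASSWD, PROCESSES) on the sample data reports the mysql account's login shell and the two daemons sharing "nobody".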

