[vox-tech] Purpose of "nobody" user?
Rick Moen
rick at linuxmafia.com
Fri Jun 23 12:39:25 PDT 2006
Quoting Bill Kendrick (nbs at sonic.net):
>
> Yesterday, I was helping Melissa add a user account to her laptop.
> I decided to just point her at KDE's "Kuser" (K->System->"User Manager")
> GUI tool, mostly because I wanted to see it. ;) ("adduser" is not hard to
> use, but I figured most non-Unix-types would go hunting a GUI tool,
> so wanted to familiarize myself with it.)
>
> One thing she noticed was the user "nobody", which sounded supsicious.
> And it had quite an insane UID (65534), compared to other user accounts.
> Her first thought was to Google for 'nobody 65534', and found many, many
> posts where people had obviously dumped their /etc/passwd to a mailing list
> for help with this-or-that. Based on this, she seemed happy enough to
> know it's just some "thing" that Linux does/has.
>
> For the life of me, I couldn't really explain _what_ "nobody" is used for.
> I'm familiar with it in terms of NCSA httpd and Apache, but beyond that...
> A little help, here? :^D
I note with appreciation Rod's separate explanation. Mine will probably
suffer some inaccuracies because it attempts to reconstruct ancient *ix
lore from faulty memory.
The "nobody" account is one that became a traditional feature long ago,
as a "sandbox" user-ID/username for running automated processes under
without elevated privilege and without special access to any specific
real user's files. It's typically set to have either a locked password
or no valid shell, so as to not be an entry point for attackers.
I _think_ that it's _maybe_ (I was going to say "probably", but then
thought better) largely superfluous (but harmless) at this point,
because it eventually dawned on Unix admins that two separate automated
processes could have a common-mode security failure or other form of
disasterous interaction, such that it's better to set up a _distinct_
username for each such process to run under -- which is why Apache
httpd now typically runs as user "httpd" or such, for example.
Now, I can't swear that something won't break on your system, either
today or later on, if you were hypothetically to remove or further
restrict the "nobody" user. Some scripts might be running as "nobody"
from time to time -- maybe cronjobs?
Flashback: Early in my use of Unixes, I decided one day to "tighten
system security", and eventually got around to setting the various
non-real usernames in /etc/passwd to have shell /bin/false instead of
/bin/sh, /tmp/[username] for their shells, and so on. Big mistake: A
whole lot of crucial system maintenance broke -- because those usernames
turned out to need a real shell to do their work, though they didn't
have to be valid for login.
More information about the vox-tech
mailing list