guys, i have this such info on my etc/passwd, what does this mean

nobody:x:99:99:nobody:/:

i have finger it and the result was:

me@darkstar:~$ finger nobody
Login: nobody Name: nobody
Directory: / Shell: /bin/sh
Never logged in.
No mail.
No Plan.

***********************

what does this mean? do i have an extra user aside from ME and root?
pls help

Nobody is a system user that required by some daemons. There should be other system users listed in /etc/passwd.

i think i know why i have this nobody user (correct me if m wrong)

i have apache running on my box, and according to the link:


http://www.linux.com/guides/Bugzilla...security.shtml

it says:

5.6.3. Daemon Accounts
Many daemons, such as Apache's httpd and MySQL's mysqld default to running as either "root" or "nobody". Running as "root" introduces obvious security problems, but the problems introduced by running everything as "nobody" may not be so obvious. Basically, if you're running every daemon as "nobody" and one of them gets comprimised, they all get comprimised. For this reason it is recommended that you create a user account for each daemon.

As reddazz said, 'nobody' is used by a number of different system processes for performing various activities, not just for running Apache with reduced privileges. In fact, it's actually not recommended to use 'nobody' as the Apache user for that very reason. Compromising the Apache service would give the attacker access to everything that that 'nobody' has access to, including other processes the are running under 'nobody'. It's a bit safer to use a dedicated user for Apache (many distros actually have a user named 'apache' for that purpose).

i got ur point on creating a separate user for apache, (if that's the case, what should i do to "nobody" )

Just leave it as it is because other daemons may need to use that account. All you need to do is create a user account for the apache user and configure apache to run as that user.