LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian
User Name
Password
Debian This forum is for the discussion of Debian Linux.

Notices


Reply
  Search this Thread
Old 03-13-2006, 10:26 AM   #1
r.stiltskin
Member
 
Registered: Oct 2003
Location: USA
Distribution: Xubuntu, Arch
Posts: 231

Rep: Reputation: 31
session opened for user nobody


Code:
su[3402]: + ??? root:nobody
su[3402]: (pam_unix) session opened for user nobody by (uid=0)
I understand that this is a normal daily cron event, but I'd like a fuller understanding of what it is doing. Where can I find a full explanation?
 
Old 03-13-2006, 11:37 AM   #2
dracae
Member
 
Registered: Feb 2006
Location: Oklahoma
Distribution: Debian Sid and Etch
Posts: 423

Rep: Reputation: 30
You have a cron job that is dropping privs to that of nobody. PAM is logging it.
look in /etc/cron* to find out what script is actually being run
 
Old 03-13-2006, 12:47 PM   #3
r.stiltskin
Member
 
Registered: Oct 2003
Location: USA
Distribution: Xubuntu, Arch
Posts: 231

Original Poster
Rep: Reputation: 31
I can't tell anything by looking at those directories. This "nobody" entry occurs every day at 6:25 AM. Maybe it's just the daily rotating of the log files. Here's what I see in /etc/cron.daily:
Code:
bsdmainutils  find       man-db    netkit-inetd  standard
exim4-base    logrotate  modutils  quota         sysklogd
But what I really want to understand is the idea of the user "nobody". Why is there a "nobody"? Is that a user account for the cron daemon? for all daemons? and what's the meaning of the entry
Code:
+ ??? root:nobody
?

Last edited by r.stiltskin; 03-13-2006 at 12:48 PM.
 
Old 03-13-2006, 01:06 PM   #4
dracae
Member
 
Registered: Feb 2006
Location: Oklahoma
Distribution: Debian Sid and Etch
Posts: 423

Rep: Reputation: 30
In Debian that username maps to userid 65534. There should be no files or directories owned by this user. This means that this user only has access to files and folders where world/other has access.
The purpose of this id is to drop all privileges
 
Old 03-13-2006, 01:17 PM   #5
r.stiltskin
Member
 
Registered: Oct 2003
Location: USA
Distribution: Xubuntu, Arch
Posts: 231

Original Poster
Rep: Reputation: 31
What does that mean: "drop all privileges"?

Where should I look to read about that?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
User Session Lock dutch1918 SUSE / openSUSE 3 05-04-2006 04:01 PM
How can I kill a user session? vous Linux - Security 3 03-20-2005 01:02 PM
could not a open session for other user zameer_india Linux - Networking 0 02-16-2005 01:42 AM
Session opened automaticaly: mandrake 9.2 (cooker) cyberk Mandriva 3 10-30-2003 11:38 PM
User cant start an X session Chijtska Linux - Software 8 03-20-2002 08:55 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian

All times are GMT -5. The time now is 01:21 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration