LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-22-2006, 08:06 AM   #1
ic_torres
Member
 
Registered: Nov 2005
Location: ABAP
Distribution: slackware 12.0, Vector Linux STD 6.0 and 5.8, ZenWalk 4.6.1, OpenBSD 3.9
Posts: 389

Rep: Reputation: 34
whois nobody? ? ?


guys, i have this such info on my etc/passwd, what does this mean

nobody:x:99:99:nobody:/:

i have finger it and the result was:

me@darkstar:~$ finger nobody
Login: nobody Name: nobody
Directory: / Shell: /bin/sh
Never logged in.
No mail.
No Plan.

***********************

what does this mean? do i have an extra user aside from ME and root?
pls help
 
Old 03-22-2006, 08:14 AM   #2
reddazz
LQ Guru
 
Registered: Nov 2003
Location: N. E. England
Distribution: Fedora, CentOS, Debian
Posts: 16,298

Rep: Reputation: 77
Nobody is a system user that required by some daemons. There should be other system users listed in /etc/passwd.
 
Old 03-22-2006, 04:21 PM   #3
ic_torres
Member
 
Registered: Nov 2005
Location: ABAP
Distribution: slackware 12.0, Vector Linux STD 6.0 and 5.8, ZenWalk 4.6.1, OpenBSD 3.9
Posts: 389

Original Poster
Rep: Reputation: 34
apache

i think i know why i have this nobody user (correct me if m wrong)

i have apache running on my box, and according to the link:


http://www.linux.com/guides/Bugzilla...security.shtml

it says:

5.6.3. Daemon Accounts
Many daemons, such as Apache's httpd and MySQL's mysqld default to running as either "root" or "nobody". Running as "root" introduces obvious security problems, but the problems introduced by running everything as "nobody" may not be so obvious. Basically, if you're running every daemon as "nobody" and one of them gets comprimised, they all get comprimised. For this reason it is recommended that you create a user account for each daemon.
 
Old 03-22-2006, 06:38 PM   #4
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
As reddazz said, 'nobody' is used by a number of different system processes for performing various activities, not just for running Apache with reduced privileges. In fact, it's actually not recommended to use 'nobody' as the Apache user for that very reason. Compromising the Apache service would give the attacker access to everything that that 'nobody' has access to, including other processes the are running under 'nobody'. It's a bit safer to use a dedicated user for Apache (many distros actually have a user named 'apache' for that purpose).
 
Old 03-23-2006, 12:42 AM   #5
ic_torres
Member
 
Registered: Nov 2005
Location: ABAP
Distribution: slackware 12.0, Vector Linux STD 6.0 and 5.8, ZenWalk 4.6.1, OpenBSD 3.9
Posts: 389

Original Poster
Rep: Reputation: 34
Quote:
Originally Posted by Capt_Caveman
As reddazz said, 'nobody' is used by a number of different system processes for performing various activities, not just for running Apache with reduced privileges. In fact, it's actually not recommended to use 'nobody' as the Apache user for that very reason. Compromising the Apache service would give the attacker access to everything that that 'nobody' has access to, including other processes the are running under 'nobody'. It's a bit safer to use a dedicated user for Apache (many distros actually have a user named 'apache' for that purpose).

i got ur point on creating a separate user for apache, (if that's the case, what should i do to "nobody" )
 
Old 03-23-2006, 03:48 AM   #6
reddazz
LQ Guru
 
Registered: Nov 2003
Location: N. E. England
Distribution: Fedora, CentOS, Debian
Posts: 16,298

Rep: Reputation: 77
Quote:
Originally Posted by ic_torres
i got ur point on creating a separate user for apache, (if that's the case, what should i do to "nobody" )
Just leave it as it is because other daemons may need to use that account. All you need to do is create a user account for the apache user and configure apache to run as that user.

Last edited by reddazz; 03-23-2006 at 03:50 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
whois problem. bruse Linux - Networking 11 08-25-2005 09:33 AM
whois problem bruse Linux - Networking 7 07-04-2005 09:20 AM
Where is 'whois' RomanG Mandriva 3 03-20-2005 03:29 PM
whois gazza Linux - Newbie 6 11-11-2003 03:23 PM
whois command cmenjivar Linux - Newbie 4 08-29-2001 06:52 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:21 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration