LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 06-11-2013, 03:03 AM   #1
zama
Member
 
Registered: Mar 2012
Posts: 34

Rep: Reputation: Disabled
Users with 'nologin' shell ! Can it pose any security threat ?


On a security audit performed on our production Linux servers , we were asked to remove nobody user if no apps is using it.

I checked and could see that there are no files owned by 'nobody' user.

find / -path /proc -prune -o -user nobody -ls

Since 'nobody' user does not have a login shell , can it pose any security threat ? Is it advisable to delete 'nobody' user or any user which does not have a login shell?

grep nobody /etc/passwd
nobody:x:99:99:Nobody:/:/sbin/nologin

Please give your thoughts.
 
Old 06-11-2013, 03:27 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981
The whole point of the account is that it's low risk. Processes are started as root and then their ownership is changed to nobody so that in the event of someone compromising the process, they have a process with next to no access rights to the file system. It's a GOOD thing.

That said, IF you have no processes using it, it being there or not is a moot point, and you could delete it if you really want to.
 
  


Reply

Tags
security, users


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Schneier: government, big data pose bigger Net threat than criminals LXer Syndicated Linux News 0 02-25-2012 08:50 AM
BlackBerrys pose 'security risk' say UAE authorities Jeebizz Linux - News 0 07-26-2010 09:40 AM
Exactly what kind of threat does Microsoft pose to Linux? FlGator81 General 15 12-04-2008 08:18 AM
linux+yp /etc/nologin. How to exclude some users? kyle292002bro Linux - Security 2 12-16-2003 08:53 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 01:05 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration