User nobody on linux

What is the "nobody" user

Many daemons (in particular those that serve network requests, such as HTTP servers) do not need any "special" privileges to do their work.

The code of such daemons also sometimes contains bugs that attackers can exploit.

Such daemons can also be configured to invoke interpreters of scripting languages (PHP, Python, and so on), executing code written by the machine's owner (or, more often, downloaded by the owner from dubious sources, such as sites distributing CMSs and similar sets of scripts teeming with bugs and backdoors).

Given the above, a good way to improve security is to run such daemons as some "ordinary" user (preferably one that is not even allowed to start interactive sessions).

To that end, the developers of such daemons implement, for example, the following logic: like all other daemons, the daemon is started by the root user and then lowers its privileges (root is able to do this) by switching to the "ordinary" user specified in the configuration file.

That is the configuration you are seeing: after starting (and reading its configuration files, which often requires root privileges), nginx switches to running as the user nobody (in your case).

Another user name that is often used (precisely for running HTTP servers in Debian-based, and many other, distributions) is www-data.

You can list all the users present on the system with, for example, the command
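The startup sequence this answer describes (start as root, do the privileged setup, then switch to the configured unprivileged user) is shown here as an added example that is not part of the original answer and is not nginx's code. The function names, the choice of port 80 as the privileged step and the refusal of UID/GID 0 targets are assumptions of this sketch.

```python
import os
import pwd
import socket

def resolve_target(username):
    """Look up the configured account; refuse targets that keep root's power."""
    account = pwd.getpwnam(username)        # KeyError if the account is missing
    if account.pw_uid == 0 or account.pw_gid == 0:
        raise ValueError(f"{username!r} has UID or GID 0; refusing to switch to it")
    return account.pw_uid, account.pw_gid

def drop_privileges(username):
    """Permanently switch a process started by root to an unprivileged account."""
    uid, gid = resolve_target(username)
    if os.geteuid() != 0:
        raise PermissionError("only root can switch to another user")
    # Order matters: supplementary groups, then GID, then UID. Once the UID
    # has changed, the process no longer has the right to change its groups.
    os.setgroups([])
    os.setgid(gid)
    os.setuid(uid)      # called by root: sets real, effective and saved UID
    os.umask(0o077)
    # Verify the drop cannot be undone; a silent failure here would leave
    # the daemon running as root.
    try:
        os.setuid(0)
    except PermissionError:
        return uid, gid
    raise RuntimeError("setuid(0) succeeded after the drop")

def main(username="nobody", port=80):
    # Privileged setup first (assumed here: binding a port below 1024),
    # then drop before any client data is read.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(("127.0.0.1", port))
    listener.listen()
    uid, gid = drop_privileges(username)
    print(f"listening on port {port} as uid={uid} gid={gid}")
    conn, _ = listener.accept()
    conn.sendall(f"served by uid {os.getuid()}\n".encode())
    conn.close()

if __name__ == "__main__":
    main()
```

Run as root, the listener stays usable after the switch because the socket was opened beforehand; run as any other user, the script fails at bind() or in drop_privileges() instead of continuing with unexpected privileges.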


What is nobody user under Unix/Linux OS?


Windows automatically creates some user accounts during installation, and Linux likewise has some user accounts after system installation, just like the built-in accounts in Windows.

They are commonly used to complete specific tasks; examples are nobody and ftp. When we visit a website, the website's server lets visitors log in as 'nobody' (equivalent to anonymous accounts in the Windows system); when we access an FTP server anonymously, we use the user ftp or nobody.

First, nobody is a normal user, not a privileged user. The 'purpose' of nobody is to allow anyone to log in to the system, but its UID and GID do not provide any privileges: they can only access files that everyone can read and write.

Second, many systems routinely create a nobody user by default and try to 'limit its privileges to a minimum'; when the server serves unknown people, it may allow the client to log in as nobody.


The nobody user is a general account. Because its default login shell is /sbin/nologin, this user cannot log in to the system directly, which makes it difficult for hackers to connect to your server through a vulnerability and do damage. In addition, this user's privileges are configured to be very low, so the level of security is high. Everything is given only minimum privileges. That is the point of nobody's existence.


Why user becomes nobody?

If you do ls -ldn x do you get 532 528 x for your directory ownership? And what about grep nobody /etc/passwd ?


Another possible explanation is that you run this stuff on a filesystem which is fixed to one user.

Cases for this could be ntfs or vfat.

An NFS mount with root_squash (the default) might be another reason.

You can use the usermod command to modify various user parameters like the username and the UID.

User alias

A possible explanation is that you already had a user called nobody with the UID (User ID) 532. The result is you have created a "user alias".

You either can try to specify another UID for your user (or let the system pick one). Or you can leave it like that. The only security risk is that if a service or other user can access nobody's data then it will be able to access your data.

NFS User ID Mapping

For users to have the feeling they are accessing their own files, the UID on the NFS server should match the UID on the NFS clients. Although, you want to avoid that for root at least.

By default, NFS exportfs will choose UID/GID of 65534 which corresponds to your user nobody's UID. You need to instruct the NFS server not to map all UIDs to 65534 or, if this is the wanted behaviour, you need to specify the mapped default UID.

For the first case, remove the all_squash and replace it by root_squash, but bear in mind that any non-root user with a similar UID between the NFS server and any clients will be a match, so they own the files.

For the second case, keep the all_squash but add anonuid=532 (you can use also anongid for the GID (or Group ID)).

/          pc001(rw,root_squash)
/home/joe  pc002(rw,all_squash,anonuid=532,anongid=100)

Note: the changes should be done in the file /etc/exports on the NFS server.
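The squash rules from this answer can be modelled as an added example (not part of the original answer): it parses the two export lines above and computes which UID/GID the server uses for a given client UID/GID. The function names are illustrative, the parser ignores quoted paths, and NFSv4 name-based ID mapping is not modelled.

```python
import re

NOBODY = 65534  # default anonymous UID/GID, as stated in the answer

# Constructed sample: the two export lines quoted in the answer.
EXPORTS = """\
/          pc001(rw,root_squash)
/home/joe  pc002(rw,all_squash,anonuid=532,anongid=100)
"""

def parse_exports(text):
    """Return {(path, client): {option: value}} for every client of every export."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients:
            m = re.fullmatch(r"([^()]+)\(([^()]*)\)", spec)
            host, raw = (m.group(1), m.group(2)) if m else (spec, "")
            opts = {}
            for item in filter(None, raw.split(",")):
                key, _, value = item.partition("=")
                opts[key] = value
            table[(path, host)] = opts
    return table

def squash(opts, uid, gid):
    """Map a client's (uid, gid) to the IDs the server uses for access checks."""
    anon_uid = int(opts.get("anonuid", NOBODY))
    anon_gid = int(opts.get("anongid", NOBODY))
    if "all_squash" in opts:                   # every client ID becomes anonymous
        return anon_uid, anon_gid
    if "no_root_squash" in opts:               # client root stays root on the server
        return uid, gid
    # root_squash is the default: only ID 0 is replaced, other IDs pass through,
    # which is why matching UIDs on client and server "own" each other's files.
    return (anon_uid if uid == 0 else uid, anon_gid if gid == 0 else gid)

if __name__ == "__main__":
    for (path, host), opts in parse_exports(EXPORTS).items():
        for ids in [(0, 0), (532, 528), (1000, 1000)]:
            print(f"{path} {host} {ids} -> {squash(opts, *ids)}")
```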


User nobody is logged in on ‘. ‘

I’ve used shutdown now all the time and never seen anything like this. What is this? What’s nobody’s business on . ? I’m the sole user of my sys and have never messed w/ nobody there

EDIT (per comments):

x@yz:~$ ps -aux | grep nobody
nobody 2666 0.0 0.0 45408 132 ? Ss May 09 0:00 /lib/systemd/systemd --user
nobody 2667 0.0 0.0 163956 8 ? S May 09 0:00 (sd-pam)
x 11189 0.0 0.0 24480 1004 pts/0 S+ 02:50 0:00 grep --color=auto nobody
x@yz:~$ ps -U 65534
PID TTY TIME CMD
2666 ? 00:00:00 systemd
2667 ? 00:00:00 (sd-pam)

Use the suggested command and if you want more info here’s a lighter reading askubuntu.com/questions/329714/…


1. How nobody user came in your system?

Nobody user is a pseudo user created by default on a fresh install in many Linux and Unix distributions.

2. Who is nobody user?

"Nobody" user has the least permissions on the system. It owns no files, is in no privileged groups, and has no abilities except those which every other user has. Nobody user has no shell assigned to it.

~$ sudo grep nobody /etc/passwd
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin

3. What is the purpose of nobody user?

In early Unix and Linux distributions, it was common to run daemons (for example a webserver) under the nobody user to limit the damage to the rest of the system, so that if a malicious user gained control over such a daemon, he does not have access to any file or privileged rights.

But the problem is, when there are multiple daemons running with the nobody user, this makes no sense anymore. That’s why today such daemons have their own user.

4. How nobody user logged in on your system?

You might have some service/daemon running which runs under nobody user. Some examples of services can be: httpd, nfs, postfix, etc.

5. What are the two processes running on your system under nobody user?

  • systemd --user instance that is started when a user first logs in (in your case it is the nobody user)
  • (if pam_systemd is enabled), systemd starts a subprocess "(sd-pam)" that opens a PAM session for the user, using the "systemd-user" service name.

6. Why are the processes (systemd and sd-pam) still there, even when the service that ran under nobody user is not running anymore?

Well this has been reported as a bug where

Systemd-user doesn’t properly close its PAM session.

Systemd is not able to close pam session properly because sd-pam subprocess drops privileges after pam_open_session(). So pam_close_session() runs as the user rather than as root which breaks PAM modules that need to do privileged tasks to clean up the session.


For more information on this:


What is nobody user and group?

On my server (Synology DS212) some files and folders have nobody nobody users and groups. What are the characteristics of this user and group? Who can write or read this file? How can I change it? For which user and group?


The nobody user is a pseudo user in many Unixes and Linux distributions. According to the Linux Standard Base, the nobody user and its group are an optional mnemonic user and group. That user is meant to represent the user with the least permissions on the system. In the best case that user and its group are not assigned to any file or directory (as owner). This user is in his corresponding group that is (according to LSB) also called "nobody" and in no other group.

In earlier Unixes and Linux distributions, daemons (for example a webserver) were called under the nobody user. If a malicious user gained control over such a daemon, the damage he can perform is limited to what the daemon can. But the problem is, when there are multiple daemons running with the nobody user, this makes no sense anymore. That’s why today such daemons have their own user.

The nobody user should have no shell assigned to it. Different distributions handle that in different ways: some refer to /sbin/nologin that prints a message; some refer to /bin/false that simply exits with 1 (false); or some just disable the user in /etc/shadow .

According to Linux Standard Base, the nobody user is «Used by NFS». In fact the NFS daemon is one of the few that still needs the nobody user. If the owner of a file or directory in a mounted NFS share doesn’t exist at the local system, it is replaced by the nobody user and its group.

You can change the permission of a file owned by the nobody user just simply with the root user and chown . But at the machine hosting the NFS share, that user might exist, so take care.

I also use a Synology system. They run the apache web-server under the nobody user.
