Can someone explain the 'nobody' user in Linux?

Soybomb

There are many different "odd" users in any *nix OS. The general idea is that you run a service with restricted permissions (i.e. as another user), so if the service were to be compromised, the potential damage someone could do to your system would be limited.
 

eklass

pretty much the user nobody has zero permission...

for example, the apache webserver often runs as user nobody. that said, if you want to give it access to write to a folder or file you have to chown the file/directory to nobody (chown -R nobody:nobody somefolder)

what this means, not having any access except that which is explicitly set, is that it can't be taken over and operated as some user, except as nobody. imagine if apache ran as root and someone found a way to send custom commands to the console through apache... scary huh? but yeah, that's the idea behind it
 

Nothinman

The 'nobody' user started as a non-privileged account for things like apache to run as, so it wouldn't have root permissions in case a bug was found, but then everyone started using it, so then nobody had access to tons of things because so many services ran under that id. Now nobody is generally not used at all; most daemons have their own user to run as (for example, on Debian, Apache runs as www-data, MySQL runs as mysql, etc.) so they really are isolated from each other should a problem arise.
 

MajorC

To add my $0.02 to these already correct explanations, nobody provides a user account under which to run a process. By using nobody this process will give no other permission (file/dir) to 'other' user accounts that use this process.

If you ran a process under the account 'root' you may then take advantage of whatever access is allowed to root, i.e. full access.
 

Nothinman

> To add my $0.02 to these already correct explanations, nobody provides a user account under which to run a process. By using nobody this process will give no other permission (file/dir) to 'other' user accounts that use this process.

It's still better to have a specific account for each service, otherwise exploiting one can give access to another because they both run as 'nobody'.
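
Added example, not part of any post above: a small audit for the shared-account problem the thread describes, reporting every non-root account that runs more than one distinct program. The function names and the sample process list are constructed for illustration; on a live system the input would come from `ps -eo user=,comm=`.

```shell
#!/bin/sh
# Reads "USER COMMAND" pairs on stdin (the output format of
# `ps -eo user=,comm=`) and prints each non-root account that is shared
# by two or more distinct programs, as "account: prog1,prog2".
# Only the first word of the command name is used as the program name.
shared_accounts() {
    awk '
        # Skip root: it is not a confinement account, so sharing is expected.
        # seen[] collapses several workers of the same program into one entry.
        $1 != "root" && !seen[$1, $2]++ {
            n[$1]++
            list[$1] = (n[$1] > 1 ? list[$1] "," : "") $2
        }
        END {
            for (u in n)
                if (n[u] > 1)
                    print u ": " list[u]
        }
    ' | sort
}

# Constructed sample: an older layout where two unrelated daemons
# both run as nobody, next to daemons that have their own accounts.
sample_ps() {
    cat <<'EOF'
root sshd
root cron
nobody apache2
nobody apache2
nobody proftpd
mysql mysqld
www-data nginx
EOF
}

# Live usage would be:  ps -eo user=,comm= | shared_accounts
sample_ps | shared_accounts
```

Any account it prints is one where compromising a single listed program gives access to whatever files and processes the others own.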