The Linux and Unix Nobody User

In Linux and Unix, processes and services run under different user accounts.

A process may have a user created specifically for it; if it does not, it will run under a user called nobody. For example, sshd is the user running the SSH daemon.

$ < /etc/passwd grep sshd
sshd:x:114:65534::/var/run/sshd:/usr/sbin/nologin

On Linux, nobody-owned processes are able to send signals to each other and even ptrace each other, meaning that a nobody-owned process can read and write the memory of another nobody-owned process. Unrelated services that all run as nobody are therefore not isolated from one another.

The nobody user and group have no entry in the /etc/sudoers file, so in Linux and Unix the user nobody does not have any root privileges.

This is a sample line matching ‘nobody’ in the /etc/passwd file:

$ < /etc/passwd grep nobody
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh

As you may notice, the nobody user has /bin/sh as its login shell and /nonexistent as its home directory (as the name suggests, the /nonexistent directory does not exist by default).

If you are paranoid, you can set nobody’s default shell to /usr/sbin/nologin and thereby deny SSH login for the nobody user. On Fedora, the nologin shell is /sbin/nologin.

On Debian:
$ sudo chsh -s /usr/sbin/nologin nobody

On Fedora:
$ sudo chsh -s /sbin/nologin nobody
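
To check a passwd file for the points above, the following shell function is an added example (not part of the original article): it reports whether nobody still has a login shell and whether any other account shares nobody's UID. The function name audit_nobody, the finding labels, the legacyd account and the treatment of /bin/false as a non-login shell are assumptions made for the example.

```sh
#!/bin/sh
# Added example: audit the "nobody" entry of a passwd-format file.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_nobody() {
    awk -F: '
        /^#/ || NF != 7 { next }            # skip comments and malformed lines
        { name[++n] = $1; uid[n] = $3 }
        $1 == "nobody" { found = 1; nuid = $3; shell = $7 }
        END {
            if (!found) { print "MISSING nobody"; exit 1 }
            # An empty shell field means /bin/sh (passwd(5)).
            if (shell == "") shell = "/bin/sh"
            # Non-login shells: nologin as in the article; /bin/false is an
            # assumption added for this example.
            if (shell !~ /\/(nologin|false)$/) { print "LOGIN_SHELL " shell; bad = 1 }
            # Accounts sharing the UID have the same kernel identity, so their
            # processes can signal each other like any nobody-owned processes.
            for (i = 1; i <= n; i++)
                if (uid[i] == nuid && name[i] != "nobody") { print "SHARED_UID " name[i]; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample input (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
sshd:x:114:65534::/var/run/sshd:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
legacyd:x:65534:65534:constructed daemon:/nonexistent:/usr/sbin/nologin
EOF
audit_nobody "$sample" || echo "review the findings above"
rm -f "$sample"
```

On a real system, pass /etc/passwd as the argument; sshd in the sample is not flagged because it shares only the group ID 65534 with nobody, not the UID.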

Find and delete the files and folders owned by nobody:

Display the files and folders owned by nobody:
$ find /path/to/dir -user nobody -print

Delete the files and folders owned by nobody:
$ find /path/to/dir -user nobody -exec rm -rf {} +

One comment on “The Linux and Unix Nobody User”
  1. CG says:

    Yeah another security screw up in the past of linux, and linux is loaded with them….
