The Linux and Unix Nobody User

In Linux and Unix, processes and services run under different user accounts.

A process may have a user created specifically for it; if it does not, it will run under a user called nobody. For example, sshd is the user running the SSH daemon.

$ < /etc/passwd grep sshd

Processes owned by nobody can send signals to each other and even ptrace each other in Linux, meaning that a nobody-owned process can read and write the memory of another nobody-owned process.

The nobody user and group do not have any entry in the /etc/sudoers file, so in Linux and Unix the user nobody does not have any root privileges.

This command prints the line matching ‘nobody’ in the /etc/passwd file:

$ < /etc/passwd grep nobody

As you may notice, the nobody user has /bin/sh as a login shell and /nonexistent as its home directory (as the name suggests, the /nonexistent directory does not exist by default).

If you are paranoid, you can set nobody’s default shell to /usr/sbin/nologin and so deny SSH login for the nobody user. On Fedora, the nologin shell is /sbin/nologin.

On Debian:
$ sudo chsh -s /usr/sbin/nologin nobody

On Fedora:
$ sudo chsh -s /sbin/nologin nobody
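
The two risks described above (a login shell on the nobody account, and unrelated programs sharing the nobody UID) can be checked together. The script below is an added example, not part of the original article; the function names, the sample passwd lines and the process names dns-helper and cache-daemon are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. All sample data is constructed.

# Print the login shell recorded for nobody in a passwd-format file.
nobody_shell() {
    awk -F: '$1 == "nobody" { print $7 }' "$1"
}

# Succeed when the shell path refuses interactive logins.
is_nologin() {
    case "$1" in
        */nologin | /bin/false) return 0 ;;
        *) return 1 ;;
    esac
}

# Read "USER PID COMMAND" lines (the layout of `ps -eo user=,pid=,comm=`)
# on stdin and print each distinct command running as nobody.
nobody_commands() {
    awk '$1 == "nobody" { print $3 }' | sort -u
}

# Print one WARN line per finding, then "findings=N".
# $1 = passwd-format file, $2 = saved process listing.
audit_nobody() {
    findings=0
    shell=$(nobody_shell "$1")
    if ! is_nologin "$shell"; then
        echo "WARN: nobody has login shell $shell"
        findings=$((findings + 1))
    fi
    shared=$(nobody_commands < "$2" | awk 'END { print NR }')
    if [ "$shared" -gt 1 ]; then
        echo "WARN: $shared programs share the nobody UID and can signal or ptrace each other"
        findings=$((findings + 1))
    fi
    echo "findings=$findings"
}

# Constructed sample input: a passwd excerpt and a process listing.
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'nobody:x:65534:65534:nobody:/nonexistent:/bin/sh' > "$SAMPLE_DIR/passwd"
printf '%s\n' 'root 1 init' 'nobody 812 dns-helper' \
    'nobody 977 cache-daemon' 'nobody 978 cache-daemon' > "$SAMPLE_DIR/ps"

audit_nobody "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/ps"
```

On a live system, save the output of `ps -eo user=,pid=,comm=` to a file and pass it together with /etc/passwd to audit_nobody.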

Find and delete the files and folders owned by nobody:

Display the files and folders owned by nobody:
$ find /path/to/dir -user nobody -print

Delete the files and folders owned by nobody:
$ find /path/to/dir -user nobody -exec rm -rf {} +

One comment on “The Linux and Unix Nobody User”
  1. CG says:

    Yeah another security screw up in the past of linux, and linux is loaded with them….
