nobody (username)
In many Unix variants, "nobody" is the conventional name of a user account which owns no files, is in no privileged groups, and has no abilities except those which every other user has. Some systems also define an equivalent group "nogroup".
Uses
- The pseudo-user "nobody" and group "nogroup" are used, for example, in the NFSv4 implementation of Linux by idmapd, if a user or group name in an incoming packet does not match any known username on the system.
- It was once common to run daemons as nobody, especially on servers, in order to limit the damage that could be done by a malicious user who gained control of them. However, the usefulness of this technique is reduced if more than one daemon is run like this, because then gaining control of one daemon would provide control of them all. The reason is that processes owned by the same user have the ability to send signals to each other and use debugging facilities to read or even modify each other's memory. Modern practice, as recommended by the Linux Standard Base, is to create a separate user account for each daemon.[1]
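The shared-account problem described above can be checked for directly. The following is an added example, not part of the original article: it reports when more than one distinct daemon runs as the same account. The function names and the sample process listing are constructed for illustration, and input is assumed to be in `ps -eo user=,pid=,comm=` format.

```shell
#!/bin/sh
# Constructed sample in `ps -eo user=,pid=,comm=` format (not real host output).
sample_ps() {
cat <<'EOF'
root         1 init
nobody     412 dnsmasq
nobody     530 memcached
nobody     531 memcached
www-data   600 nginx
EOF
}

# Print the distinct commands running as account $1 (default: nobody),
# comma-separated, reading "user pid comm" lines from stdin.
# Only the first word of the command name is considered.
commands_running_as() {
    awk -v acct="${1:-nobody}" '
        $1 == acct && !($3 in seen) {
            seen[$3] = 1
            out = out (out == "" ? "" : ",") $3
        }
        END { print out }
    '
}

# Exit status 0 if at most one distinct daemon uses the account.
# Exit status 1 if several do: they can signal and debug each other,
# so compromising one exposes all of them.
account_is_isolated() {
    cmds=$(commands_running_as "$1")
    case "$cmds" in
        *,*) echo "shared account ${1:-nobody}: $cmds" >&2; return 1 ;;
        *)   return 0 ;;
    esac
}

# Live use on a host:
#   ps -eo user=,pid=,comm= | account_is_isolated nobody
```

A non-zero exit status means the daemons listed should each be moved to their own dedicated account.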
References
1. Linux Standard Base, Core Specification 3.1, section 21.2: User & Group Names, linux-foundation.org
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.