hi

On Mon, 21 Aug 2000, Jonathan Wilson wrote:

> At the moment I'm working on securing a SuSE 6.4 box, and I'm wondering about the user "nobody". I see that it has /bin/bash set as a login shell, and if I try to login with ssh from another host, it does indeed want a valid password.
>
> What is this user really for?

for security ( and convenience). There are many daemons which must run as some user. if these are root, then possibilities of exploits are too much ( sendmail for one). so they run as nobody ( for instance updatedb. u have a choice to run it as nobody). also httpd has a separate user, www i think, but does not run as root.

if you can see the shadow file, it will be nobody:*:some:things. that means that you cannot login as long as you provide a password, which when encrypted will give you "*". But this cannot (hasn't) happen, so the account is disabled for logging in. But if you are root, su - nobody will give you the powers of nobody.

> What will it break if I remove the user, or change the password (do any daemons or programs use it?)?

if u remove the user, u break the daemons -- in short some ( if not most) of your configuration. but i think, if u want to live dangerously, u can change these to run as some user or root. if u change the passwd, u break the security ;-)

> Does it need a shell? I see it has no home.

no, since no one logs in as nobody

> If no, can I set the shell to /bin/true (or should that be /bin/false)?

u can.

cheers
cheedu

--
***** cogito cogito ergo cogito sum: i think that i think, therefore i think that i am. --Devils Dictionary
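
The two things discussed in this message, the shadow password field and the login shell, can be checked together for every service account. The following Python script is an added example, not part of the original message: all passwd/shadow entries are constructed samples, and the UID threshold of 500 and the list of non-login shells are assumptions.

```python
# Added example: constructed passwd/shadow samples, not from a real host.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:nobody:/:/bin/bash
news:x:9:13:News system:/etc/news:/bin/bash
wwwrun:x:30:65534:WWW daemon:/var/lib/wwwrun:/bin/false
jwilson:x:500:100:J. Wilson:/home/jwilson:/bin/bash
"""
SHADOW = """\
root:$1$constructed$placeholder:11190:0:99999:7:::
nobody:*:11190:0:99999:7:::
news::11190:0:99999:7:::
wwwrun:!:11190:0:99999:7:::
jwilson:$1$constructed$placeholder:11190:0:99999:7:::
"""
# Assumptions: shells treated as non-interactive, and the first regular-user UID.
NOLOGIN_SHELLS = {"/bin/false", "/bin/true", "/sbin/nologin", "/usr/sbin/nologin"}
UID_MIN = 500

def password_state(field):
    """Classify a shadow password field."""
    if field == "":
        return "empty"    # no password needed at all
    if field[0] in "*!" or field == "x":
        return "locked"   # no typed password can hash to this value
    return "set"

def audit(passwd_text, shadow_text):
    """Return (name, password_state, interactive_shell) per service account."""
    shadow = {}
    for line in shadow_text.splitlines():
        if line.strip():
            fields = line.split(":")
            shadow[fields[0]] = fields[1]
    findings = []
    for line in passwd_text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        name, pwfield, uid, shell = fields[0], fields[1], int(fields[2]), fields[6]
        if uid == 0 or (uid >= UID_MIN and uid != 65534):
            continue      # skip root and regular users
        state = password_state(shadow.get(name, pwfield))
        findings.append((name, state, shell not in NOLOGIN_SHELLS))
    return findings

def loginable(findings):
    """Service accounts with an interactive shell and no locked password."""
    return [n for n, state, shell_ok in findings if shell_ok and state != "locked"]
```

On the sample data, `nobody` is reported as locked but still carrying an interactive shell, while the constructed `news` entry (empty password field plus /bin/bash) is the only one returned by `loginable`.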