What is nobody user and group?

On my server (Synology DS212) some files and folders have nobody nobody users and groups. What are the characteristics of this user and group? Who can write of read this file?

How can I change it? For which user and group?

Asked By: Guuk

||

The user who can login as nobody can change these files, but normally the system is setup so this is not possible. On my debian based system the entry in the /etc/passwd file is:

nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin

and /usr/sbin/nologin gives:

This account is currently not available.

You can only change this under the root user, as normally no one else is member of the group nobody. However I doubt if you should do so. Normally these files get this ownership on purpose.

Answered By: anyone

The nobody user is a pseudo user in many Unixes and Linux distributions. According to the Linux Standard Base, the nobody user and its group are an optional mnemonic user and group. That user is meant to represent the user with the least permissions on the system. In the best case that user and its group are not assigned to any file or directory (as owner). This user is in his corresponding group that is (according to LSB) also called “nobody” and in no other group.

In earlier Unixes and Linux distributions daemon (for example a webserver) were called under the nobody user. If a malicious user gained control over such a daemon, the damage he can perform is limited to what the daemon can. But the problem is, when there are multiple daemons running with the nobody user, this has no sense anymore. That’s why today such daemons have their own user.

The nobody user should have no shell assigned to it. Different distributions handle that in different ways: some refer to /sbin/nologin that prints a message; some refer to /bin/false that simply exits with 1 (false); or some just disable the user in /etc/shadow.

According to Linux Standard Base, the nobody user is “Used by NFS”. In fact the NFS daemon is one of the few that still needs the nobody user. If the owner of a file or directory in a mounted NFS share doesn’t exist at the local system, it is replaced by the nobody user and its group.

You can change the permission of a file owned by the nobody user just simply with the root user and chown. But at the machine hosting the NFS share, that user might exist, so take care.

I also use a Synology system. They run the apache web-server under the nobody user.

Answered By: chaos
Categories: Answers Tags: , , ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.