Hi all, I've read conflicting stuff on a few forums etc. regarding this. When I enter the following line:
grep nobody /etc/passwd
I get the following output
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
Should nobody have shell access? Can you qualify your answers please.
Thanks
-
The nobody user shouldn't need a shell but you could find that changing it may break something on Ubuntu. You can always give it a shot by changing it to nologin and see if anything breaks. There may be other system users that should not have a shell as well, see Your Distro is Insecure: Ubuntu. The main reason that nobody shouldn't have a shell is that a lot of externally facing programs like httpd run as nobody and it provides a foothold into your system if someone can compromise the account. Having it set to nologin puts up another hurdle to jump although it probably isn't much of a hurdle.
From carson
0 comments:
Post a Comment