问题描述
在阅读List all human users后,我注意到在我的Ubuntu系统中有一个名为’nobody’的用户帐户。
另外我注意到,我可以使用以下命令和密码从终端登录此帐户:
sudo su nobody
它根本不介意我,但我想知道这个用户的目的是什么?是在默认情况下在全新安装的Ubuntu上创建的,还是通过安装特定软件包创建的?
最佳解决方案
它在那里运行不需要任何特殊许可的东西。它通常被保留用于易受攻击的服务(httpd等),这样如果它们被黑客入侵,它们将对系统的其他部分造成最小的破坏。
与真实用户运行某些东西相反,如果该服务遭到破坏(Web服务器偶尔会被利用来运行任意代码),它将以该用户的身份运行并访问用户拥有的所有内容。在大多数情况下,这与获取root一样糟糕。
您可以阅读关于Ubuntu Wiki上的nobody用户的更多信息:
要回答您的follow-ups:
为什么我无法使用su nobody访问此帐户?
sudo grep nobody /etc/shadow会告诉你,没有人没有密码,你不能没有帐户密码的su。最简洁的方法是改为sudo su nobody。这会让你陷入一个非常荒凉的sh shell 。
您是否可以举出一个特定的示例,指出如何使用此帐户?
当程序的操作不需要权限时。当没有任何磁盘活动时,这是最值得注意的。
一个真实的例子是memcached(一个key-value in-memory缓存/数据库/东西),坐在我的电脑上,我的服务器在nobody账号下运行。为什么?因为它不需要任何权限并且给它一个确实具有对文件的写入访问权限的帐户将是不必要的风险。
次佳解决方案
In many Unix variants, “nobody” is the conventional name of a user account which owns no files, is in no privileged groups, and has no abilities except those which every other user has.
It is common to run daemons as nobody, especially servers, in order to limit the damage that could be done by a malicious user who gained control of them. However, the usefulness of this technique is reduced if more than one daemon is run like this, because then gaining control of one daemon would provide control of them all. The reason is that nobody-owned processes have the ability to send signals to each other and even debug each other, allowing them to read or even modify each other’s memory.
信息来自http://en.wikipedia.org/wiki/Nobody_(username)。
第三种解决方案
默认情况下,nobody用户将在全新安装时创建(在Ubuntu Desktop 13.04上进行检查)。
In many *nix variants,
nobodyis the conventional name of a user account which owns no files, is in no privileged groups, and has no abilities except those which every other user has (thenobodyuser and group do not have any entry in the/etc/sudoersfile).It is common to run daemons as
nobody, especially servers, in order to limit the damage that could be done by a malicious user who gained control of them. However, the usefulness of this technique is reduced if more than one daemon is run like this, because then gaining control of one daemon would provide control of them all. The reason is thatnobody-owned processes have the ability to send signals to each other and even debug each other, allowing them to read or even modify each other’s memory.Source: Wikipedia – Nobody (username)
The
nobody-owned processes are able to send signals to each others and even ptrace each other in Linux, meaning that a nobody-owned process can read and write the memory of another nobody-owned process.This is a sample entry of the
nobodyuser in the/etc/passwdfile:alaa@aa-lu:~$ grep nobody /etc/passwd nobody:x:65534:65534:nobody:/nonexistent:/bin/shAs you may notice, the
nobodyuser has/bin/shas a login shell and/nonexistentas the home directory. As the name suggests, the/nonexistentdirectory does not exist, by default.If you are paranoid, you can set
nobody’s default shell as/usr/sbin/nologinand so, deny the ssh login for thenobodyuser.
第四种方案
上面的anwers是错误的,因为他们认为nobody是一个”generic”匿名/访客风格的用户ID。
在UNIX /Linux访问控制模型中,匿名/访客样式用户标识不存在,这些建议是不好的:
-
“通常将守护程序作为
nobody运行,尤其是服务器,以便限制恶意用户可以对其进行控制的损害。”因为如下所示:“但是,如果不止一个守护进程像这样运行,这种技术的用处就会减少,因为那么获得对一个守护进程的控制就可以控制它们。” -
“一个真实世界的例子是
memcached(一个key-value in-memory缓存/数据库/东西),坐在我的电脑上,我的服务器在nobody帐户下运行。为什么?因为它不需要任何权限并给它一个帐户那些确实有写入权限的文件只是不必要的风险。“
用户ID为65534的nobody用户名是为特定目的而创建和保留的,应仅用于此目的:作为NFS树导出中”unmapped”用户和用户标识的占位符。
也就是说,除非为NFS树导出设置了用户/ID映射,否则导出中的所有文件都将显示为nobody所有。这样做的目的是为了防止导入系统上的所有用户访问这些文件(除非他们具有”other”权限),因为它们中的任何一个(除root外)都不能成为nobody。
因此,将nobody用于任何其他用途是一个非常糟糕的主意,因为它的目的是成为任何人都无法访问的文件的用户名/用户标识。
Wiki条目也非常错误。
UNIX /Linux的做法是为每个需要单独访问控制域的”application”或应用程序区域创建一个新帐户,并且不要在NFS之外重复使用nobody。