What user is linux nobody?

青灯夜游
青灯夜游Original
2022-11-14 18:08:283302browse

In Linux, nobody is an anonymous user, a non-privileged user who can only access public content on the server. The "purpose" of using the nobody username is to allow anyone to log in to the system, but its UID and GID do not provide any privileges, that is, the uid and gid can only access files that everyone can read and write. Because the default login shell is "/sbin/nologin", user nobody cannot directly log in to the system, which means it is difficult for hackers to connect to your server through vulnerabilities to cause damage.

What user is linux nobody?

#The operating environment of this tutorial: linux7.3 system, Dell G3 computer.

The Windows system will automatically create some user accounts after installation. In the Linux system, there are also some user accounts that are available after the
system is installed, just like the built-in accounts in the Windows system.

They are used to complete specific tasks, such as nobody and ftp, etc. When we access the web program of LinuxSir.Org, the official website server allows customers to log in as 'nobody' (equivalent to the Windows system Anonymous account);

When we access ftp anonymously, we will use user ftp or nobody.

What is the nobody user under Unix/Linux system?

nobody is an ordinary user, a non-privileged user. The 'purpose' of using the nobody username is so that anyone can log into the system, but its UID and GID do not provide any privileges, that is, the uid and gid can only access files that everyone can read and write.

In many systems, a nobody is created by default by default, and try to 'limit its permissions to the minimum'. When the server provides external services, the client may be allowed to log in as nobody.

nobody is an ordinary account. Because the default login shell is '/sbin/nologin', this user cannot log in to the system directly, which means it is difficult for hackers to connect to your server through loopholes to cause damage. In addition, the permissions of this user are also configured very low. Therefore, it has relatively high security. Everything is only given to the lowest permissions. This is the meaning of nobody's existence.

What does it mean that the user shell is /sbin/nologin in Unix/Linux system?

If a user's default shell is set to /sbin/nologin, the user is prohibited from logging into the system;

The function of this nologin is to restrict certain users from ssh. Log in to the shell.

For example, you can set the user default shell of applications such as nginx mysql php-fpm to /sbin/nologin in daily life

Mainly to improve system security

The shell of the system account Using /sbin/nologin, you cannot log in to the system at this time, even if you give the password.

The so-called "unable to log in" only means that the user cannot use bash or other shells to log in to the system. It does not mean that this account cannot use system resources. For example, in each system account, the print job is managed by the lp account, and the www server is managed by the apache account. They can both perform system program work, but they cannot log in to the host.

Sometimes some services, such as email services, are mostly used to receive emails from the host and do not require login. If an account tries to connect to my host to get a shell, we can reject it.

Sometimes you can use the /etc/nologin file to temporarily prohibit other users from logging in. The specific method is to create a file named nologin in the /etc/ directory.

For example:

 #touch /etc/nologin

This will prohibit subsequent users from logging into the system.

When a user is prohibited from logging in, the contents of the /etc/nologin file will be displayed to the user and will flash by.

For example, add the following content to the /etc/nologin file:

#vi /etc/nologin
disable login by admin temperarily!

When the user attempts to log in, "disable login by admin temperarily!" will be displayed to the user. When the system maintenance is completed In the future, if you delete the /etc/nologin file, other users can resume login again. This is only limited to users who can log in to the shell.

There is no such thing for those users whose login shell is /sbin/nologin. Impact, because they cannot log in to the shell themselves.

In addition, if I want to let a user with /sbin/nologin know that they cannot log in to the host, I can create a new file /etc/nologin.txt and write the reason why they cannot log in inside the file. , when the user logs in, the contents of this file will appear on the screen.

For example:

 #vi /etc/nologin.txt
 This account is system account or mail account.
 #su - mail

will prompt "This account is system account or mail account."

Supplement:

/etc The functions of the two files /nologin and /etc/nologin.txt are not the same.

When the /etc/nologin file exists, any general identity account will only obtain the contents of /etc/nologin when trying to log in, and will not be able to log in to the host directly.

When /etc/nologin is created and the content is set to "This Linux server is maintained....", anyone who tries to log in will see these prompts and will not be able to log in to the system.

Until the /etc/nologin file is deleted, ordinary users can log in normally.

Summarize:

  • nobody is an anonymous user under the linux/unix system and can only access public content on the server

  • /sbin/nologin is under the linux/unix system A shell setting item that does not allow users whose login shell is /sbin/nologin to log in to the system

  • /etc/nologin.txt is only for users whose login shell is /sbin/nologin

  • /etc/nologin can be understood as targeting all ordinary users

Related recommendations: "Linux Video Tutorial"

The above is the detailed content of What user is linux nobody?. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn