# user 'nobody' - who is this? why?



## pinglin (Nov 11, 2010)

Hello!

After googling found a lot of interesting articles about 'nobody' system user. But didn't found answer for things I am interested in.

I have radius authentication configured, users can telnet/ssh to my FreeBSD with radius accounts. So on radius server created user 'nobody' and successfully authenticated to my FreeBSD workstation (got waning "Couldn't chdir to /nonexistent" something like this, but given a shell). 
Wondering if it is a possible problematic place? is it possible to assign/change password to 'nobody'? 

What does it mean that 'nobody' has a NULL password by default?

Thanks in advance!


----------



## SirDice (Nov 11, 2010)

By default the nobody account is locked out, has a non-existent home directory and has it's shell set to /usr/bin/nologin. You shouldn't be able to get a shell on that account. Don't use it as a radius account.

The account can used to run applications or daemons and it has very limited access to the system.


----------



## pinglin (Nov 12, 2010)

Thank you for the reply.
The shell shouldn't be given, but it is given. 
Nevertheless it is impossible to assign password for 'nobody'...?


----------



## SirDice (Nov 12, 2010)

pinglin said:
			
		

> Nevertheless it is impossible to assign password for 'nobody'...?


No, you can set a password on it. It's just an account like all the others.


----------



## DutchDaemon (Nov 12, 2010)

But should be limited to its original settings ...


----------



## PacketMan (Mar 7, 2015)

So one of my newly built servers is crashing regularly. I had a `top` running to catch what what was going on when the crash occurred. I see that half a dozen or so processes were run by 'nobody'. I'm not saying this is related to the crash, but I am asking is it normal for 'nobody' to be running numerous processes including `find`, `locate.code`, numerous instances of `sh`, and `csh`?

Server is running 10.1-RELEASE.


----------



## tobik@ (Mar 7, 2015)

Yes, the `locate.code` probably comes from the weekly periodic that updates your locate database. It might spawn several shells and subprocesses that belong to nobody including `find`.


----------



## kpa (Mar 7, 2015)

PacketMan said:


> So one of my newly built servers is crashing regularly. I had a `top` running to catch what what was going on when the crash occurred. I see that half a dozen or so processes were run by 'nobody'. I'm not saying this is related to the crash, but I am asking is it normal for 'nobody' to be running numerous processes including `find`, `locate.code`, numerous instances of `sh`, and `csh`?
> 
> Server is running 10.1-RELEASE.



See this thread:

Thread 29994


----------



## PacketMan (Mar 7, 2015)

Yes thank you, I am exploring that and other discussions now.  I have been able to crash my system at will by running find command manually. Any let's keep that for other topics/threads. But I am interested in learning is my observation about 'nobody' is normal expected behavior.


----------



## kpa (Mar 7, 2015)

PacketMan said:


> Yes thank you, I am exploring that and other discussions now.  I have been able to crash my system at will by running find command manually. Any let's keep that for other topics/threads. But I am interested in learning is my observation about 'nobody' is normal expected behavior.



It is normal, many of the periodic(8) and built-in cron(8) tasks are run as nobody for security reasons.


----------



## PacketMan (Mar 7, 2015)

Righto, thanks again.


----------

