Colleague: Angie, got a question for you?
Me: sure, go ahead.
Colleague: who's "nobody"?
We've been working on re-organizing some folders lately and came across some weird file/folder permissions on the UNIX boxes, which probably date back to... I don't know.. Prehistoric times. Just that nobody had bothered to get the folders and files permissioned properly and so, naturally, we would expect to come across some weirdness.
Anyway, my answer was that "nobody" was a system account, which in our case was probably used by some script to generate some files. However, this answer is just half-complete.
It turns out that this account, which is a system acount has little priviledges, such as read-only access to files and folders. However, like any *nix account, you can of course grant more priviledges to this account, BUT you would have to bear the consequences of any security costs. :)
There are a number of articles out there which will deal with not using "nobody" as a process owner. Anyway, for those of you out there handling web server, best to have somebody (admin, not root) own the web server instance processes, so that the web server's security isn't compromised.
No comments:
Post a Comment
Please feel free to add your comments. However, take note that your comments may be edited or deleted as seen fit by the author of this blog.
Take note that the author of this blog may not be held responsible for the comments which may be insensitive, vulgar or controversial.