“Nobody” is the conventional name of a user account which owns no files, is in no privileged groups, and has no abilities except those
which every other user has.
Pretty much the user nobody has zero permission…
If you stare at the list of running processes on your server for long enough, you are bound to come across the user called “nobody”. Then, don’t panic.
You can check your process running on your system as:
$ ps -aux
Nobody is a system user that has zero permissions. It is used for authentication purpose. In Linux, every process ( Memory resident services, daemons, common servers like MySql, Apache) runs under a username. Generally, the processes run under the username and group is listed in process list, but if it is not mentioned there, then it run as a “Nobody” username( by default).
Web server assigns the rights of the web-server-specific user, typically user “nobody”, to the connected web client, as if “nobody” is connected to the web server. “Nobody” doesn’t belong to your group and thus it inherits permissions that “others” have to your files. for example, For generic files such as html or images, etc you usually need to set 644 permissions. It is because “nobody” needs to read the file, and thus the file should be readable by others, hence 4 (read only) permissions for both group and others. For yourself you need a right to read and write (hence 6) to the file.For scripts you need 755 rights. The script should be executable by “nobody”. The script file should also be readable by “nobody”, as the file is interpreted by an interpreter such as Perl and therefore must be readable. Thus it must combine read and execute permissions for “others”, as “nobody” belongs to “others” group. For yourself you need to have also write access, getting 755 as a result.
A program that run under a local username, has not enough permissions, whereas the program running under root has full permissions, can do anything, even completely wipe the server. But, Nobody user has permissions more than normal user and less then root. It is designed to function only within the parameters of system services. Furthermore, the nobody user does not have a password, making it impossible for attackers to guess it (unlike the root user).
for example, the apache webserver often runs as user nobody. That said, if you want to give it access to write a folder or file you have
to chown the file/directory to nobody (chown -R nobody:nobody somefolder) what this means not having any access except that which is explicity set, is that it can’t be taken over and operated as some user, except as nobody. Imagine if apache ran as root and someone found a way to send custom commands to the console through apache… scary huh? but yeah, that’s the idea behind it. The ‘nobody’ user started as a non-priviledged account for things like apache to run as so it wouldn’t have root permissions incase a bug was found, but then everyone started using it so then nobody had access to tons of things because so many services ran under that id. Now nobody is generally not used at all, most daemons have their own user to run as ( For example on Debian, Apache runs as www-data. MySQL runs as mysql, etc) so they really are isolated from each other should a problem arise.
Therefore, do not fear “nobody”. What nobody does is nobody’s business.