> In the /etc/passwd & group is a uid/gid of nobody.
> Why is nobody there and what does he do?

User "nobody" was created in the early days of NFS when you had to deal with remote RPC that may not be coming from an authenticated user on the NFS server, and thus does not have a valid uid, or for any other reason you need to map a request to a known unprivileged user. That entry lets you specify what the uid for that known unprivileged user should be.

The original NFS server (in the SunOS 2.x days) would happily believe any uid it was handed with very weak (if any) authentication, which would allow anyone claiming uid 0 remotely to edit any file on your system as root. This was clearly a Bad Thing.

Somewhere around SunOS 3.x, the NFS server was changed so that unless you specified a particular option (nosquash), any RPC claiming uid 0 from a remote or unauthenticated source is mapped to user 'nobody', which has no privileges, can't log in, and owns nothing in the default system setup -- so theoretically it closes a major security hole.

It exists in Linux to allow the NFS code to avoid major changes. Leave it alone. You'll want it in case someone accidentally installs NFS where it doesn't belong.

> Also in his (and others') shadow file he has * as his encrypted password,
> does this have special value?
> nobody:*:13725:0:99999:7:::

Indicates that this userid can't log on. The crypto libraries are guaranteed never to produce an encrypted string equal to '*' or '!', so any user with those strings as their encrypted password string cannot possibly authenticate successfully, so they cannot log on.

If NIS or NIS+ is active, a '*' in the password position in the userent indicates that the login program should consult NIS for password string information.
If NIS is not working, then the * entry prevents any user not explicitly listed in /etc/passwd from logging in until you get NIS working again...8-)
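
The password-field rule described in the reply above, as an added example that is not part of the original message: a small Python audit that reads shadow-format text and groups accounts by whether the password field can ever match a typed password. Every sample entry except the `nobody` line is constructed, and the handling of `!!` and of a `!` or `*` prefix in front of a hash goes beyond the two values named in the post.

```python
from dataclasses import dataclass

# Constructed sample in /etc/shadow format; only the "nobody" line is from the post.
SAMPLE_SHADOW = """\
root:$6$examplesalt$constructedhashvalue:13725:0:99999:7:::
nobody:*:13725:0:99999:7:::
daemon:!:13725:0:99999:7:::
alice:!$6$examplesalt$constructedhashvalue:13725:0:99999:7:::
guest::13725:0:99999:7:::
broken-line-without-fields
"""

@dataclass
class Entry:
    user: str
    status: str  # "no-login", "locked-hash", "empty" or "hash"

def classify(field: str) -> str:
    """Classify the second (password) field of a shadow entry."""
    if field == "":
        return "empty"        # no password required: flag this in an audit
    if field in ("*", "!", "!!"):
        return "no-login"     # never the output of crypt(), so nothing can match
    if field[0] in "!*":
        return "locked-hash"  # a real hash disabled by a prefix character
    return "hash"

def parse_shadow(text: str) -> list[Entry]:
    entries = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 2:    # blank or malformed line: skip rather than guess
            continue
        entries.append(Entry(parts[0], classify(parts[1])))
    return entries

def report(text: str) -> dict[str, list[str]]:
    """Group account names by password-field status, in file order."""
    out: dict[str, list[str]] = {}
    for e in parse_shadow(text):
        out.setdefault(e.status, []).append(e.user)
    return out

if __name__ == "__main__":
    for status, users in report(SAMPLE_SHADOW).items():
        print(f"{status:12} {', '.join(users)}")
```

Accounts reported as `empty` are the ones to investigate first; `no-login` is the expected state for service users such as `nobody`.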
