running as user nobody

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Lynn David Newton
Date:  
Subject: running as user nobody
What exactly is the significance of the user nobody?
I've been seeing it for a decade or more, and have
never really stopped to figure out why it's there. I
believe I remember the nobody user being assigned the
UIDMAX + 1. I think the max on the systems I was using
was 65535. On RH Linux nobody is uid 99 and has no
login.

Fair enough. However, by default, the Apache HTTP
daemon runs as nobody.nobody, though it can be
reassigned. I have it running as www.www on my home
system, and that's how it's set up on our primary
server at work (running an old version of BSDI). But
we're setting up a new server on a FreeBSD system, and
today we were trying to use some scripts that need to
make directories and transfer files by means of the
Web, and were getting permission errors. It didn't take
long to realize that if httpd is running under user
nobody, it doesn't have much permission to do stuff.

So what's the usual workaround? I recommended changing
the User and Group parameters to www in the httpd.conf
file, which will probably fix the problem, but at the
same time I'm thinking there's probably a reason they
set it up running nobody.nobody by default, and that
there's probably a more elegant and secure way to
handle the problems I'm seeing.

--
Lynn