A detailed introduction to the nobody user and nologin on Unix and Linux systems

  • 2020-11-30 08:46:33
  • OfStack

What is the nobody user on Unix/Linux systems?

1. A Windows system automatically sets up some user accounts after installation. A Linux system likewise has some user accounts that exist as soon as it is installed, just like the built-in accounts in Windows.

2. These accounts, such as nobody and ftp, are used to complete specific tasks. When we visit the webpage program of ES14en. Org, the server on the official website lets visitors log in as 'nobody' (equivalent to the anonymous account in the Windows system).

When we access FTP anonymously, we use the user ftp or nobody.

3. First of all, nobody is an ordinary user, not a privileged user. The purpose of the nobody username is to enable anyone to log in to the system, but its UID and GID do not offer any privileges: they only give access to files that everyone can read and write.

4. Second, many systems routinely create a nobody account by default, trying to limit its permissions to a minimum, and may allow clients to log in as nobody when the server is providing a service.

5. nobody is an ordinary account whose default login shell is '/sbin/nologin', so this user cannot log in to the system directly, which makes it difficult for a hacker to connect to your server through a vulnerability and do damage. In addition, this user is configured with very low permissions, so it is more secure. Everything is given only the minimum permission. This is what nobody is for.

What does it mean when a Unix/Linux user's shell is /sbin/nologin?

If a user's default shell is set to /sbin/nologin, the user is forbidden to log in to the system.

The purpose of nologin is to restrict some users from logging in to a shell via ssh.

For example, common users such as nginx, mysql, ES65en-ES66en can have their shell set to /sbin/nologin by default.

The main purpose is to improve system security.

When a system account's shell is /sbin/nologin, the account cannot log in to the system, even if the password is given.

"Unable to log in" simply means that the user cannot use bash or another shell to log in to the system. It does not mean that the account cannot use system resources. For example, on each system, print jobs are managed by the lp account and the www server is managed by the apache account; these accounts can carry out the work of system programs, but they cannot log in to the host.

Sometimes some services, such as mail services, are used mostly to receive mail from hosts and do not require logging in. If an account tries to connect to my host to get a shell, we can refuse it.

Sometimes you can temporarily prevent other users from logging in by creating a file named nologin in the /etc/ directory.

For example:

 # touch /etc/nologin

This prevents subsequent users from logging in to the system.
When a user is refused login, the contents of the /etc/nologin file are briefly displayed to the user.

For example, add the following to the /etc/nologin file:


 # vi /etc/nologin
 disable login by admin temporarily!

When a user attempts to log in, the user is shown "disable login by admin temporarily!". When the system maintenance is over and the /etc/nologin file is deleted, other users will be able to log in again. This applies only to users who are able to log in to a shell.

It makes no difference to users whose shell is /sbin/nologin, as they cannot log in to a shell anyway.

In addition, if I want someone whose shell is /sbin/nologin to know why they cannot log in to the host, I can create a new /etc/nologin.txt file and write the reason in it. When the user tries to log in, the contents of this file will appear on the screen.

For example:

 # vi /etc/nologin.txt
 This account is system account or mail account.
 # su - mail

"This account is system account or mail account."

Additional note:

/etc/nologin and /etc/nologin.txt do not serve the same purpose.

When the /etc/nologin file exists, any ordinary account attempting to log in will only be shown the contents of /etc/nologin and will not be able to log in to the host.

When /etc/nologin is created and its content is set to "This Linux server is maintaining...", anyone trying to log in will see this message and be unable to log in to the system.

No normal user can log in until the /etc/nologin file is deleted.

Conclusion:

nobody is an anonymous user on Linux/Unix systems and can only access public content on the server.

/sbin/nologin is one of the shell settings on Linux/Unix systems. Users whose shell is /sbin/nologin are not allowed to log in to the system.

/etc/nologin.txt applies only to users whose shell is /sbin/nologin.

/etc/nologin can be understood as applying to all ordinary users.
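
As an added example (not part of the original article), the shell functions below audit a passwd-format file for service accounts that still have a login-capable shell, and report whether the /etc/nologin gate is in place. The sample entries are constructed; the UID threshold of 1000, UID 65534 for nobody, and treating /bin/false as a non-login shell are assumptions that vary by distribution.

```shell
#!/bin/sh
# Added example: audit login shells in a passwd-format file.

# Constructed sample in /etc/passwd format (not taken from a real host).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
nginx:x:995:993:Nginx web server:/var/lib/nginx:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
lp:x:4:7:lp:/var/spool/lpd:/usr/sbin/nologin
EOF
}

# is_nologin_shell SHELL: succeeds if SHELL refuses interactive logins.
# /bin/false is an assumption added here; the article only names nologin.
is_nologin_shell() {
    case "$1" in
        */nologin|/bin/false|/usr/bin/false) return 0 ;;
        *) return 1 ;;
    esac
}

# service_accounts_with_login_shell FILE [UID_MIN]
# Prints accounts that look like service accounts (0 < UID < UID_MIN, or
# UID 65534 for nobody; both assumptions) yet have a login-capable shell.
service_accounts_with_login_shell() {
    file=$1
    uid_min=${2:-1000}
    while IFS=: read -r name pw uid gid gecos home shell; do
        case "$name" in ''|\#*) continue ;; esac
        { [ "$uid" -gt 0 ] && [ "$uid" -lt "$uid_min" ]; } ||
            [ "$uid" -eq 65534 ] || continue
        is_nologin_shell "$shell" || printf '%s\n' "$name"
    done < "$file"
}

# login_gate_status PATH: "closed" if the /etc/nologin-style file exists.
login_gate_status() {
    if [ -e "$1" ]; then echo closed; else echo open; fi
}

# Demo on the constructed sample, then check the real gate file.
tmp=$(mktemp) && sample_passwd > "$tmp"
service_accounts_with_login_shell "$tmp"    # prints: nginx
echo "/etc/nologin gate: $(login_gate_status /etc/nologin)"
rm -f "$tmp"
```

To audit a real host, pass /etc/passwd as the file argument; any name printed is a candidate for having its shell changed to /sbin/nologin.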

