11

I'm messing around with Tiger security audits on my CentOS box, ensuring the server is fit for being online, well, as close as it can get anyway.

I noticed a warning about the user nobody having / as a home directory. I just can't figure out which directory it should "live in" so to speak. So where shall I put this fella? And how about ncsd now we're at it?

I guess the questions really are: What is nobody and ncsd for? Which security risk does it impose for those users to have root set as their home directory? In an optimal environment, where would their home directories be?

11
  • I think that generally each operating system or operating system distribution has its own pseudo-standard for what the home directories of various system users are. For example, on Debian it's /nonexistent. What is the home directory of the nobody user on a fresh install of the operating system you are using? Commented May 8, 2013 at 16:56
  • 1
    On my distro (Gentoo), it's /var/empty. And it does exist and contains files. Strange... Commented May 8, 2013 at 17:00
  • 1
    I doubt the distro creators intended for those logons to be usable. Commented May 8, 2013 at 17:08
  • 1
    On Crunchbang and Ubuntu it is /nonexistent and I think if you create a directory with that name you deserve yourself. Commented May 8, 2013 at 17:26
  • 1
    This particular "security check" is pointless, since even if you get a shell with a home directory in /var/empty or wherever, you can change directories up, and if you specify a nonexistent directory then your shell just gets thrown into / anyway. Commented May 11, 2013 at 15:48

1 Answer

6

[EDIT]: I misunderstood the question. I will write a more appropriate answer here.

I do not know Tiger Security, but I agree that the user nobody is meant to have NO homedir, NO rights over any subdir at all, and is really meant to have NO shell at all (and to never properly do a 'login').

But the actual settings (in /etc/passwd) are different for different Linux distros and BSDs and *unix.

I checked using this command :

$ grep nobody /etc/passwd 

on RedHat 5.2 (which is the same as CentOS), and I found:

nobody:x:99:99:Nobody:/:/sbin/nologin 

so probably '/' is the standard for RedHat/CentOS.

I checked on Ubuntu 10.04 :

nobody:x:65534:65534:nobody:/nonexistent:/bin/sh 

(and '/nonexistent' does not exist)

and on Mac OSX 10.4 Tiger (that is a BSD derivative) :

nobody:*:-2:-2:Unprivileged User:/var/empty:/usr/bin/false 

(and '/var/empty' exists and is empty)

My guess is that Tiger Security does not like the standard setting on RedHat/CentOS. You can probably safely ignore this warning or you can edit /etc/passwd setting nobody's home to an empty or non-existent directory in order to satisfy the Tiger Security test.

4
  • No, Tiger security: nongnu.org/tiger Commented May 10, 2013 at 22:35
  • @Time Sheep: ok, but on what kind of *nix are you getting this warning? Different distros set up the nobody user in different ways. The 'grep nobody /etc/passwd' will tell you how. I suggest you edit your original question and specify you are talking about Tiger security. Commented May 11, 2013 at 6:25
  • I did for a fact write I was looking at some Tiger Security audits in the original question, so there is no need to edit it. I'm working on CentOS. It doesn't really matter where it is, but I guess it's supposed to be somewhere safe, because as far as I know "nobody" is used as a user without privileges etc. Commented May 11, 2013 at 15:03
  • 1
    @Time Sheep: yes, my fault, I misunderstood the question. I'll edit my answer. Commented May 13, 2013 at 8:42
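
The per-distro check from the answer above, written as a script. This is an added example, not part of the original answer or of Tiger: it reports whether an account's passwd entry has / as its home directory or a usable login shell. The function names and finding labels are made up for this illustration; the sample lines are the three entries quoted in the answer.

```shell
#!/bin/sh
# Added example (not from the original post): classify passwd(5) entries.

# classify_entry LINE: print "ok" or a comma-separated list of findings.
classify_entry() {
    # Split the seven colon-separated passwd(5) fields of one line.
    IFS=: read -r _name _pw _uid _gid _gecos home shell <<EOF
$1
EOF
    findings=""
    # The condition the Tiger warning in the question reports.
    if [ "$home" = "/" ]; then
        findings="home-is-root"
    fi
    # A shell other than a nologin/false binary allows a login session;
    # an empty field counts too, since passwd(5) then defaults to /bin/sh.
    case "$shell" in
        */nologin|*/false) ;;
        *) findings="${findings:+$findings,}login-shell" ;;
    esac
    printf '%s\n' "${findings:-ok}"
}

# audit_account NAME [FILE]: classify one account from a passwd-format file.
audit_account() {
    # Exact match on field 1, so a longer name containing NAME is not picked up.
    line=$(awk -F: -v n="$1" '$1 == n { print; exit }' "${2:-/etc/passwd}")
    if [ -z "$line" ]; then
        echo "not-found"
        return 2
    fi
    classify_entry "$line"
}

# The three entries quoted in the answer above, used as sample input.
RH='nobody:x:99:99:Nobody:/:/sbin/nologin'
UB='nobody:x:65534:65534:nobody:/nonexistent:/bin/sh'
OSX='nobody:*:-2:-2:Unprivileged User:/var/empty:/usr/bin/false'

for entry in "$RH" "$UB" "$OSX"; do
    printf '%s -> %s\n' "$entry" "$(classify_entry "$entry")"
done
```

On a live system, `audit_account nobody` reads /etc/passwd and exits with status 2 if the account does not exist.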
