is it safe to group a user under "nobody" group
The intention of the nobody
group is to denote a group with the lowest rights in a unix system.
This implies that you don't compromise your system by adding a supplementary group nobody
to any user.
caveat:
This solution is a little bit smelling. Take a cup of coffee and think again if this is the way you want to go.
Generally should the group nobody
doesn't have write access to any content below public_html
.
Related videos on Youtube
Bibokid
Updated on September 18, 2022Comments
-
Bibokid almost 2 years
I have created a group called "devs". All our coders are grouped under "devs" so that they can access our websites which are all under
public_html
folder.I changed the group of
public_hml
to "devs", however, the server seem to override this, now the folder group is set to "nobody".I am thinking of grouping our coders under "nobody", but is it a good idea? Or are there security risks?
usermod -a -G nobody coder-username
-
Bibokid over 11 yearsThanks. I am not really sure why the
public_html
's group became "nobody", must be the server automated it or some other admin did it. But the group permission is onlyrx
, and there are no other file or folders under it that belongs to "nobody". So I think there is nothing smelly after all. Do you agree? -
H.-Dirk Schmitt over 11 years@Bibokid If the content doesn't need authentication, it is o.k. But if the content is restricted via the web server, it should be also have a similar constraint in the filesystem. That is the reason why apache is normally using a
www-data
group.