Question: Who is “nobody”, and why is he running so many programs on my server? Am I being hacked?
Answer: On a Linux-based dedicated server, every application must be run by a particular user. On a desktop system, programs are usually either run by the local user or the system. Anything that runs as a local user typically has very basic permissions, often not enough to access directories outside of /home. The alternative, however, is to run a program as root.
If something runs as root, it has complete access to everything, even directories and other programs that it has no need to use. What results is a serious security concern. To remedy this, many Linux distributions will run major services, particularly ones that access the network, as a third user. On most systems, that user is called “nobody”
“Nobody” does not have its hand completely tied like a local user, but it also does not have the sweeping permissions of root. Instead, it functions only for the purpose of running whatever software is assigned to it. Furthermore, unlike the basic local user or root, “nobody” does not have a password. Would-be attackers can never login as “nobody”. Therefore, rest assured. Not only is “nobody” not a threat, he is actually keeping your server safe.
Photo Source: Flickr