Delete/Disable nobody user from whonix passwd

nobody user since its used only for NFS service due to its insecurity:

https://wiki.ubuntu.com/nobody

user@host:~$ grep -E 'nobody' /etc/passwd
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
1 Like

Removal might be too difficult and not required since nobody / nogroup is probably already created by Debian default.

However, should make sure that nobody / nogroup is used nowhere in Kicksecure / Whonix source code.

Since System-wide sandboxing framework - sandbox-app-launcher - #371 by Patrick was done, this is now the case.

Having nobody / nogroup in /etc/passwd isn’t a security issue in itself. It only becomes an issue if a program is running under user nobody or under group nogroup or if a sysadmin sets the permission of a folder to user nobody or group nogroup with the assumption that these Linux user account / Linux user group has a special meaning, which would be wrong. Because user nobody or group nogroup has no special meaning. It’s just a normal user / group.

Also added to user documentation just now:
https://www.whonix.org/wiki/System_Hardening_Checklist#File_Folder_Permissions

There unless anyone has any further input, this is resolved.

1 Like