Successful SU For Nobody By Root?

Successful su for nobody by root?

If you are looking through you auth log files you may notice entries saying “session opened for user nobody”. What could this mean and is your server being compromised?

Feb 23 06:25:02 the-cave su[16451]: Successful su for nobody by root
Feb 23 06:25:02 the-cave su[16451]: + ??? root:nobody
Feb 23 06:25:02 the-cave su[16451]: pam_unix(su:session): session opened for user nobody by (uid=0)
Feb 23 06:25:02 the-cave su[16451]: pam_unix(su:session): session closed for user nobody
Feb 23 06:25:02 the-cave su[16453]: Successful su for nobody by root
Feb 23 06:25:02 the-cave su[16453]: + ??? root:nobody
Feb 23 06:25:02 the-cave su[16453]: pam_unix(su:session): session opened for user nobody by (uid=0)
Feb 23 06:25:03 the-cave su[16453]: pam_unix(su:session): session closed for user nobody

Session Opened For User Nobody

Any services that run as a daemon on the server need to be run by a user. Nobody is a system user that is used to run various services. Apache, MySQL, cron and other services will but run as the user nobody.

How Is It Initiated

When one of these services need to run a task, that task will be initiated and the process is then passed to user nobody which then completed the process.

PHP Ping Script Video Tutorial

Webucator, a provider of online and onsite business and technical training, contacted me and asked if they use my php ping script article as a basis for a new training video. The video would be added to their list of PHP courses. I allowed them to use the php ping script as part of their video and a few days later I was sent a link to the newly created php ping script video.

After watching the video Webucator created, I was was truly amazed and it had surpassed all my expectations. Webucator have managed to perfectly convert the written article into an easy to understand, fully comprehensive and simple to follow php tutorial video.

I was impressed with how much detail the above php video tutorial encompassed. The video covers each of the different php ping scripts, and perfectly explains how each of the php ping scripts work. They also highlighted the strengths and usefulness of the each script as well as demonstration a working version of each script.

The video also pays attention to vital parts of each script, such as:

  • Why you should escape arguments passed to the ping script.
  • The situations in which each ping script is most useful.
  • Which ping script you should be using if the website is blocking icmp packets.

Take a look at the video and check out their other training videos. It will be well worth your time.