
Call me paranoid...

Discussion in 'General Discussion' started by GeekPatrolMille, Feb 27, 2006.

  1. GeekPatrolMille

    GeekPatrolMille Well-Known Member

    Looking through the logs like a good admin (still green around the edges), I found the following... :eek:
    --------------------- Connections (secure-log) Begin ------------------------


    New Users:
    useradd (nfsnobody)


    New Groups:
    useradd (nfsnobody)


    ---------------------- Connections (secure-log) End -------------------------

    Looking through the secure logs, I found... :eek:
    root@ls05 [~]# cat /var/log/secure* | grep nfsnobody
    Feb 26 04:01:41 ls05 useradd[30195]: new group: name=nfsnobody, gid=65534
    Feb 26 04:01:41 ls05 useradd[30195]: new user: name=nfsnobody, uid=65534, gid=65534, home=/var/lib/nfs, shell=/sbin/nologin


    The last entry in my /etc/passwd reads like this... :eek:
    nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin

    I found no other indications of foul play but this user was not added by my team. The time this showed up is right in the middle of the nightly UPCP process. I did not find any log notes referring to this. Should I be concerned by this new addition? Should I remove this user and group?

    Thank you for any assistance and insight that you can provide.
     
  2. dave9000

    dave9000 Well-Known Member

    I believe that user/group is added by default if you install/run NFS client/server.

    I have those exact /etc/passwd and /etc/group entries on all of my servers that I use NFS on.

    I don't think you have a problem with that entry.
     
  3. GeekPatrolMille

    GeekPatrolMille Well-Known Member

    Thanks Dave9000,

    I was mostly concerned because NFS client/server was not installed or run during the 24 hours prior to the info showing up in the logs. Since the shell is /sbin/nologin I was not completely freaked out, but it was odd nonetheless...

    -greg
     
  4. GeekPatrolMille

    GeekPatrolMille Well-Known Member

    Thank you for the insight...
     
  5. dave9000

    dave9000 Well-Known Member

    I never have looked into how or when that uid/gid is created. I just always have had this, as we use NFS for backups.

    I noticed in the changelog there are a ton of changes made to the edge tree, so the upcp may have updated some things in the system update and added that user.

    Regardless, I would not worry about that user.
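
Added example, not part of any post in this thread: a shell/awk triage of the "new user" lines that useradd writes to /var/log/secure, in the format GeekPatrolMille posted. The function names, the verdict labels, and every sample line other than the nfsnobody pair are constructed for illustration.

```shell
#!/bin/sh
# Triage useradd "new user" events from /var/log/secure (added example).
# Sample input: the nfsnobody lines are from the thread, the rest are constructed.
sample_log() {
cat <<'EOF'
Feb 26 04:01:41 ls05 useradd[30195]: new group: name=nfsnobody, gid=65534
Feb 26 04:01:41 ls05 useradd[30195]: new user: name=nfsnobody, uid=65534, gid=65534, home=/var/lib/nfs, shell=/sbin/nologin
Feb 26 04:07:12 ls05 useradd[30301]: new user: name=backupadm, uid=0, gid=0, home=/root, shell=/bin/bash
Feb 26 04:09:55 ls05 useradd[30422]: new user: name=deploy, uid=512, gid=512, home=/home/deploy, shell=/bin/bash
EOF
}

# Reads secure-log lines on stdin, prints one verdict line per created account:
#   HIGH   = uid 0 (root-equivalent account)
#   REVIEW = account has a login shell
#   LOW    = non-login shell; still confirm what created it
triage_useradd() {
  awk '
    / useradd\[[0-9]+\]: new user: / {
      ts = $1 " " $2 " " $3              # syslog timestamp, saved before $0 is cut
      name = ""; uid = ""; shell = ""
      sub(/^.*: new user: /, "")         # keep only the key=value list
      n = split($0, kv, /, */)
      for (i = 1; i <= n; i++) {
        eq = index(kv[i], "=")
        if (eq == 0) continue
        key = substr(kv[i], 1, eq - 1)
        val = substr(kv[i], eq + 1)
        if (key == "name")  name = val
        if (key == "uid")   uid = val
        if (key == "shell") shell = val
      }
      if (uid != "" && uid + 0 == 0) { verdict = "HIGH" }
      else if (shell !~ /\/(nologin|false)$/) { verdict = "REVIEW" }
      else { verdict = "LOW" }
      printf "%s %s uid=%s shell=%s (%s)\n", verdict, name, uid, shell, ts
    }'
}

# Run against the embedded sample; on a real host: cat /var/log/secure* | triage_useradd
sample_log | triage_useradd
```

For a LOW result on an RPM-based host, `rpm -qf /var/lib/nfs` shows which package owns the account's home directory, and `rpm -q --scripts <package>` shows whether that package's install scriptlets call useradd.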
     