If you stare at the list of running processes on your server for long enough, you are bound to come across the user called “nobody”. Before you call a security expert and prepare to fight off a hacker, relax. While the username “nobody” may seem suspicious, it is actually supposed to be there.
On a Linux or Unix dedicated server, every process runs under a username. Generally, processes that your username starts will have that name and group listed in the process list. Processes used in the boot sequence may be run by root and will generally have the root user ID.
Memory resident services or daemons, however, often run under different usernames. They may have a user created specifically for them, and, if they do not, they will run under a user called “nobody”.
A program that runs under a local username will not have enough permissions to actually perform tasks like updating log files or processing the mail queue. On the other hand, a program that runs as root can do anything, even completely wipe the server.
In order to avoid the latter, the nobody user has more permissions than the local user but less than root. It is designed to function only within the parameters of system services. Furthermore, the nobody user does not have a password, making it impossible for attackers to guess it (unlike the root user).
Therefore, do not fear “nobody” and do not take any steps to hinder the user’s ability to run some of your critical applications, like the web server. What nobody does is nobody’s business.