21

When I list al groups I see one called 'nogroup'. What is this for? Is it supposed to be least privileged one or something? I'm using ubuntu 11.04.

ren
  • 1,005
  • 3
  • 11
  • 16
  • 1
    Not strictly related to your question, but I found this interesting, http://refspecs.linux-foundation.org/LSB_3.1.0/LSB-Core-generic/LSB-Core-generic/usernames.html – Paolo Apr 04 '15 at 14:02

3 Answers3

22

nogroup is the group analog to the nobody user. It is used for unprivileged processes so that even if something goes wrong the process does not have the permissions to cause any serious damage to an important user or group.

jw013
  • 50,274
  • 9
  • 137
  • 141
  • 2
    Is there any sense in nobody/nogroup? I once found that ntpd in OpenSuSE was running as "nobody" - so if someone gets nobody he can kill my ntpd... – Nils Oct 13 '11 at 19:59
  • 8
    @Nils You are correct. The `nobody` user paradigm only works for a single service. The recommended practice is moving towards running each process as a separate user. – jw013 Oct 13 '11 at 20:21
3

Debian's documentation for nogroup explains it as:

nogroup (user: nobody): Daemons that need not own any files run as user nobody and group nogroup. Thus, no files on a system should be owned by this user or group.

Hamy
  • 275
  • 2
  • 6
0

No an answer for this question, but a relevant information.

I had folders and files owned by nobody nogroup.

I wanted to know the ID of nobody nogroup, then I found that the ls command has the option -n to see the IDs instead of names.

So ls -ln showed me the IDs:

65534 65534
Ruben Alves
  • 151
  • 6