2

I grepped the ps output for dbus with the following output:

```
102    742   0.0  0.0   4044  1480 ?        Ss   Apr16   27:13 dbus-daemon --system --fork --activation=upstart
xralf  2551  0.0  0.0   4076  212  ?        Ss   Apr16   0:14 /usr/bin/ssh-agent /usr/bin/dbus-launch --exit-with-session dwm
xralf  2554  0.0  0.0   3936  224  ?        S    Apr16   0:00 /usr/bin/dbus-launch --exit-with-session dwm
xralf  2555  0.0  0.0   4248  1684 ?        Ss   Apr16   0:07 //bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
root   9970  0.0  0.0   3944  476  pts/5    S    May08   0:00 dbus-launch --autolaunch f6ddc5d5c514b5fb84725db7000007cd --binary-syntax --close-stderr
root   9971  0.0  0.0   3268  308  ?        Ss   May08   0:00 //bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
```

Everything was run automatically. Could you explain what is happening in the system and if it's secure?

Notice especially username 102, //bin/dbus-daemon.

xralf
  • I don't see how someone can answer your question unless you define what you mean by "is the system secure". Also, exactly what are you wanting explained w/regards to "what is happening in the system". Of note, the '102' in the user column indicates a misconfigured system (no user for UID=102, but something is running as UID=102). – Astara May 19 '17 at 01:34

2 Answers

3

You didn't provide much information about your system though. A DBus system usually has two buses: a system bus and a session bus.

  • A session bus is started per user (in your case for root and xralf), lines 3 to 6. Line 2 is a dbus service that was requested by your window manager.
  • A system bus is needed for system-wide message exchange. This is your first line, started under UID 102. The reason for the UID to be shown instead of the user name could be that the user name is longer than 8 characters. You could check your /etc/passwd to look up this UID.

This is what it looks like on my system:

```
message+    924      1  0 13:31 ?        00:00:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
```

and a corresponding /etc/passwd entry:

```
messagebus:x:106:110::/var/run/dbus:/bin/false
```

dbus-launch is a utility to start a message bus. In more recent distributions this is done by systemd.

UVV
  • It seems worth stating directly that the mysterious “message+” username is apparently merely a truncated version of the username “messagebus” given the aforementioned eight‐character limitation. (It’d be easier to understand things if the `ps` and `top` commands used the (U+2026) ellipsis character to indicate truncation instead of the plus sign character…) – Patrick Dark Dec 13 '19 at 16:01
1
```
ps -o user:15,pid,ppid,c,stime,tty,time,cmd -p 742
```

If the name is too long for the standard output for username (8 characters), then it shows the UID or some strange acronym. `user:15` tells ps to show 15 letters for the user name.

Example:

```
$ ps aux | grep exim
Debian-+  1259  0.0  0.0  53244  3192 ?        Ss   10:23   0:00 /usr/sbin/exim4 -bd -q30m

$ ps -o user:15,pid,ppid,c,stime,tty,time,cmd -p 1259
USER              PID  PPID  C STIME TT           TIME CMD
Debian-exim      1259     1  0 10:23 ?        00:00:00 /usr/sbin/exim4 -bd -q30m
```
Stephen Rauch
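An added example, not part of either answer above: a shell helper that maps the USER column of `ps aux` (a bare UID such as `102`, or a truncated name such as `message+` or `Debian-+`) back to the matching passwd entries, and flags a process whose owner has no entry at all. The function names and the `PASSWD_FILE` override are assumptions of this example.

```shell
#!/bin/sh
# Map the USER column printed by `ps aux` back to passwd entries.
# PASSWD_FILE is an assumption of this example so the helper can be
# pointed at a sample file; it defaults to the real /etc/passwd.
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"

# resolve_ps_user FIELD
# Prints "name uid" for every passwd entry FIELD can stand for:
#   all digits  -> ps printed the numeric UID instead of the name
#   trailing +  -> ps truncated the name, so match by prefix
#   otherwise   -> exact user name
# Returns 1 when nothing matches (owner UID has no passwd entry).
resolve_ps_user() {
    field=$1
    case $field in
        ''|*[!0-9]*) numeric=0 ;;
        *)           numeric=1 ;;
    esac
    awk -F: -v f="$field" -v numeric="$numeric" '
        BEGIN    { trunc = (substr(f, length(f)) == "+")
                   p = substr(f, 1, length(f) - 1) }
        numeric  { hit = ($3 == f) }
        !numeric { hit = trunc ? (index($1, p) == 1 && length($1) > length(p)) : ($1 == f) }
        hit      { print $1, $3; found = 1 }
        END      { exit !found }
    ' "$PASSWD_FILE"
}

# annotate_ps: reads `ps aux` lines on stdin and prints
# PID <tab> USER-as-shown <tab> resolved "name uid" (or a warning).
annotate_ps() {
    while read -r user pid _rest; do
        [ "$user" = "USER" ] && continue   # skip the ps header line
        names=$(resolve_ps_user "$user" | paste -sd, -)
        printf '%s\t%s\t%s\n' "$pid" "$user" "${names:-NO PASSWD ENTRY}"
    done
}

# When run with arguments, resolve each one: ./resolve.sh 102 'message+'
if [ "$#" -gt 0 ]; then
    for u in "$@"; do resolve_ps_user "$u" || echo "$u: no passwd entry"; done
fi
```

To check the processes from the question, run `ps aux | grep '[d]bus' | annotate_ps`. A truncated name can match more than one account, in which case all candidates are listed.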