Raspberry Pi Asked by Zindik on February 19, 2021
My raspberry pi has been hacked and as result my samba files have been encrypted by the user nobody. There is a thy demon that keep running in my pi by the user nobody.
I have been searching triggerhappy demon it is controlling input devices such as keyboard, mouse vs.
I am suspicious that this demon supposed be run by root. any idea ? is this normal ? if it is not how can I change this demon user ?
nobody
is a generic system user for unprivileged system processes. This is probably normal or a misconfiguration.
I am suspicious that this demon supposed be run by root.
Running samba root is probably a bad idea as it is outward facing, ie., an attack vector. If the daemon is hacked via its net interface and is running root, the attacker now has privileged access to your system. Hence, web servers and the like usually run un-privilleged.
However, because they may require privileges during start-up (eg., to open a low number port), they often start as root and once that stuff is done, drop privileges by switching to another uid (such as nobody
).
Answered by goldilocks on February 19, 2021
I have the same process.
nobody 264 0.0 0.4 4304 2052 ? Ss 09:25 0:01 /usr/sbin/thd --triggers /etc/triggerhappy/triggers.d/ --socket /run/thd.socket --user nobody --deviceglob /dev/input/event*
As far as I am aware this is normal.
Answered by joan on February 19, 2021
Get help from others!
Recent Answers
Recent Questions
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP