Should the 'nobody' user on my headless Ubuntu server have shell access?

bash security linux users

The nobody user shouldn't need a shell but you could find that changing it may break something on Ubuntu. You can always give it a shot by changing it to nologin and see if anything breaks. There may be other system users that should not have a shell as well, see Your Distro is Insecure: Ubuntu. The main reason that nobody shouldn't have a shell is that a lot of externally facing programs like httpd run as nobody and it provides a foothold into your system if someone can compromise the account. Having it set to nologin puts up another hurdle to jump although it probably isn't much of a hurdle.

Related

Safe File System for Power Failure?
How to disable version control in phpstorm?
Simulate ternary operator in Elixir
IE 11 Script1002 Array.Filter(x => ...) (Arrow functions)
Use custom setter in Lombok's builder
Is there any EventEmitter in browser side that has similar logic in nodejs?
What is difference between SameSite="Lax" and SameSite="Strict"?
Difference between SSL and Kerberos authentication?
Sorting and Grouping Nested Lists in Python
SQL Server equivalent to Oracle's NULLS FIRST?
Python: why does `random.randint(a, b)` return a range inclusive of `b`?
Bundler throws uninitialized constant Gem::SilentUI (NameError) error after upgrading to Rubygems 1.5.0