What is the sandbox user '_apt' on my system
I ran rkhunter
and found out a warning, that there is a new user called _apt
on my Ubuntu 16.04
$ grep _apt /etc/passwd
_apt:x:124:65534::/nonexistent:/bin/false
All I found out is, that it seems that this is a kind of sandbox user for "advanced persistent threats". But what exactly is this?
Solution 1:
The user _apt
is created by the postinst
script of the apt
package (/var/lib/dpkg/info/apt.postinst
):
# add unprivileged user for the apt methods
adduser --force-badname --system --home /nonexistent \
--no-create-home --quiet _apt || true
It's the owner of /var/cache/apt/archives/partial
and /var/lib/apt/lists/partial
and used by APT to download packages, package list, and other things.