What is the sandbox user '_apt' on my system

apt users rkhunter

I ran rkhunter and found out a warning, that there is a new user called _apt on my Ubuntu 16.04

$ grep _apt /etc/passwd
_apt:x:124:65534::/nonexistent:/bin/false

All I found out is, that it seems that this is a kind of sandbox user for "advanced persistent threats". But what exactly is this?


Solution 1:

The user _apt is created by the postinst script of the apt package (/var/lib/dpkg/info/apt.postinst):

 # add unprivileged user for the apt methods
 adduser --force-badname --system --home /nonexistent  \
     --no-create-home --quiet _apt || true

It's the owner of /var/cache/apt/archives/partial and /var/lib/apt/lists/partial and used by APT to download packages, package list, and other things.

Related

Differences between GRUB, GRUB2 and BURG
How do I reset the network adapter using a terminal command?
How do I prevent one user in particular from accessing my home directory?
Why do I need the x permission to cd into a directory? [duplicate]
How to connect my ubuntu to my workplace, GlobalProtect VPN, using win 7 VM
Black screen around Virtualbox VM in fullscreen mode (Guest additions installed)
How to disable animations in Ubuntu 16.04
Ubuntu 16.04 LTS - how is the X server started?
Where is the save directory for screenshot?
How can I protect parentheses passed to a cd command? [duplicate]
Bash: get current working directory name, but not full path
How to change font size using i3-wm?