or: Help, nobody is running find!
somebody wrote:
[nobody running find]
This is most likely ‘locate’. Not itself, but its helper ‘updatedb’. http://linuxbasics.org/tutorials/using/finding_files
Suse does not install locate by default anymore, since its disk-activities did irritate users (espacially back in the days when coputers were not as fast as they are today.
Since I had never noticed this user doing anything before, I killed the process.
Which is ok as long as you don’t use ‘locate’ to find files. ‘locate’ can only find files that were cataloged by ‘updatedb’. Since it works with an index, ‘locate’ is fast but sometimes inacurate.
Think about “updatedb” as doing something like this: It makes a compressed list of all filenames on the system
find / | gzip -c >~/my.locate.index.gz
“locate” then “grep”s this list to find the string we are looking for (here we are looking for “ate”):
zgrep ate ~/my.locate.index.gz
I remember reading something about the nobody user before but not real familier with it’s purpose.
‘nobody’ is an unprivileged user on the system. If a file is not accessible for ‘the world’, then it should not be accessible by ‘nobody’, either.
I did a little goggleing on it, but could find nothing as to why it might have been running the find program. Is this a normal thing?
Yes. Imagine this: We can run ‘updatedb’ as root. Thus the ‘find’-process spawned be updatedb would see all files in all directories on the system. It would see the files in MY homedirectory and in your (if we had accounts on that machine).
Now image you are looking for a file in which you saved last year’s christman-menu, but you don’t remember the exact name. You do a ‘locate ate’ and get /home/mike/Everything I ate last christmas.odt /home/stw/I hate Linux.doc and a whole list of other files that might have names the owner wants to remain secret. You would not be able to access the file, but you would know the name, even with permissions of the file and the containing directory being -rwx------.
To investigate even further, you could locate all .doc, .ppt and .xls files, grep them for /home/stw and you would actually be able to guess how often I use MS-Office. People could also search for filesnames which contain the name of [boss|college|…] and guess from the filename and type to the content of the file.
So, running updatedb as root would seriously harm privacy on a multi-user system.
Makes sense, doesn’t it?
Copyright (c) by the authors.
Prior to editing, authors agreed to license their contributions by the terms of the GPL.
See our licensing page for details.
Linux® is a registered trademark of Linus Torvalds.