> PAM_UNIX[763]: (su) session opened for user www-data by (uid=0)
> su [821]: + ??? root-nobody
>
> PAM_UNIX[821]: (su) session opened for user nobody by (uid=0)
> anymore (I do assume that it is an intrusion attack,
> unless there is a much simpler explanation for this).
No intrusion. It's just the normal behaviour of (a) the web server
(httpd) and (b) many other daemons:
they change their uid to (a) www-data , (b) nobody in order
to make (possible) security holes less painful.
--
Michael Wuertz <[EMAIL PROTECTED]> Tel: +49-6151-16-5812
* magic is real - unless declared integer *
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
