> PAM_UNIX[763]: (su) session opened for user www-data by (uid=0)
> su [821]: + ??? root-nobody
>
> PAM_UNIX[821]: (su) session opened for user nobody by (uid=0)
> anymore (I do assume that it is an intrusion attack,
> unless there is a much simpler explanation for this).

No intrusion. It's just the normal behaviour of (a) the web server (httpd) and (b) many other daemons: they change their uid to (a) www-data, (b) nobody in order to make (possible) security holes less painful.

-- 
Michael Wuertz <[EMAIL PROTECTED]>
Tel: +49-6151-16-5812
* magic is real - unless declared integer *
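An added example, not part of the original thread: a small triage script for session lines in the format quoted above, which treats switches from uid 0 to an unprivileged account as expected and surfaces everything else for review. The account allow-list and the last two sample lines are assumptions made for illustration.

```python
import re

# Matches the session lines quoted in the thread, e.g.
# "PAM_UNIX[763]: (su) session opened for user www-data by (uid=0)"
SESSION_RE = re.compile(
    r"PAM_UNIX\[(?P<pid>\d+)\]: \((?P<service>[\w-]+)\) session opened "
    r"for user (?P<target>\S+) by (?P<invoker>\S*)\(uid=(?P<uid>\d+)\)"
)

# Assumption: unprivileged accounts that root-run jobs are expected to switch to.
SERVICE_ACCOUNTS = {"www-data", "nobody"}


def classify(line):
    """Return (verdict, target, uid) for a session line, or None for other lines."""
    m = SESSION_RE.search(line)
    if m is None:
        return None
    target, uid = m["target"], int(m["uid"])
    if uid == 0 and target in SERVICE_ACCOUNTS:
        verdict = "expected"   # root dropping to an unprivileged account
    elif target == "root" and uid != 0:
        verdict = "review"     # a non-root user opened a root session
    else:
        verdict = "unknown"    # not covered by the allow-list; inspect by hand
    return verdict, target, uid


def triage(lines):
    """Classify every session line; skip lines that are not session openings."""
    return [r for r in map(classify, lines) if r is not None]


# Constructed sample: the first three lines follow the thread's excerpt, the
# last two are invented to exercise the other branches.
SAMPLE = [
    "PAM_UNIX[763]: (su) session opened for user www-data by (uid=0)",
    "su [821]: + ??? root-nobody",
    "PAM_UNIX[821]: (su) session opened for user nobody by (uid=0)",
    "PAM_UNIX[902]: (su) session opened for user root by alice(uid=1000)",
    "PAM_UNIX[915]: (su) session opened for user backup by (uid=0)",
]

if __name__ == "__main__":
    for verdict, target, uid in triage(SAMPLE):
        print(f"{verdict:8} target={target} invoking_uid={uid}")
```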