
activity monitor reveals unusual user w/mysqld process


bloozman
05-31-2007, 06:35 PM
From time to time I look at my activity monitor to see what is going on. I know Mac OS X is reputed to be pretty much bulletproof when it comes to security, but my experiences in the Windows world have made me ever suspicious of hackers.

Most of the activity monitor reveals me or root as the user, but there is a user called "nobody" with the process name mysqld (a database process, kind of scary) with 11 threads. Also the mdimport process name is showing this "nobody" user with 3 threads. However, no CPU % seems to be used, which is not scary.

What do you all make of this? Any insight into what this might be?

Does it seem mildly suspicious to you, as well?

Thanks in advance for any feedback

cwtnospam
05-31-2007, 07:17 PM
It's normal.

honestpuck
05-31-2007, 07:44 PM
First thing is that the user "nobody" is a normal system user. It is a user that has extremely limited privileges (they can't even log in) and is the best user for dangerous processes.

"mysqld" is your MySQL database system waiting for someone to ask it to do something. "mdimport" is a system process involved in getting extra information about files into a system database so they can be displayed and searched. Both are running as "nobody" as a safety and security measure - it makes it harder for them to do something evil if they are hijacked.

# Tony

bloozman
05-31-2007, 08:59 PM
Thank you both. That does answer my question and I am most appreciative. Anywhere I can study up on all the normal background processes; any references you know of that would help, so I won't have to post any more such questions?

Thanks, again.

honestpuck
05-31-2007, 09:53 PM
You're welcome. I'm sorry to say that my knowledge has seeped in through my pores over twenty years and way too many tech books to know where to point you.

OS X is quite close to any BSD implementation so a good book on BSD internals is probably a good start, though it wouldn't have mentioned mdimport. I did a 'ps' to see if I was running mdimport and then 'man mdimport' to gain a clue on what it was up to.

If you're a Unix newcomer then let me recommend "The Unix Programming Environment" by Kernighan and Pike - I always like to learn from the masters.

# Tony
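
Added example, not part of any post in this thread: a small shell sketch of the 'ps' check mentioned above, grouping processes by the account they run as so that daemons running as "nobody" stand out from those running as root. The sample listing, the user "alice" and the function names are constructed for illustration; it assumes input laid out like `ps -axo user,pid,comm`.

```shell
#!/bin/sh
# Constructed sample in the column layout of `ps -axo user,pid,comm`
# (illustrative values, not output captured from a real machine).
sample_ps() {
cat <<'EOF'
USER   PID COMM
root     1 /sbin/launchd
root    37 /usr/sbin/syslogd
alice  212 Safari
nobody 301 mysqld
nobody 344 mdimport
alice  401 Activity Monitor
EOF
}

# Print "user count" for every account that owns at least one process.
count_by_user() {
    awk 'NR > 1 { n[$1]++ } END { for (u in n) print u, n[u] }' | sort
}

# Print "pid command" for every process owned by the account named in $1.
# The command may contain spaces, so it is rebuilt from field 3 onward.
procs_owned_by() {
    awk -v u="$1" 'NR > 1 && $1 == u {
        cmd = $3; for (i = 4; i <= NF; i++) cmd = cmd " " $i
        print $2, cmd
    }'
}

# Print the account(s) running a command whose basename equals $1.
owner_of() {
    awk -v name="$1" 'NR > 1 {
        cmd = $3; for (i = 4; i <= NF; i++) cmd = cmd " " $i
        k = split(cmd, parts, "/")
        if (parts[k] == name) print $1
    }' | sort -u
}

# Run against the constructed sample. On a live system, pipe real output
# in instead, e.g.:  ps -axo user,pid,comm | procs_owned_by nobody
sample_ps | count_by_user
sample_ps | procs_owned_by nobody
```

A network-facing daemon that `owner_of` reports as root rather than an unprivileged account is the case worth a closer look; anything unfamiliar can then be looked up with 'man', as described above.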

renaultssoftware
12-30-2010, 09:10 AM
I think somebody is spying or stealing data
try this http://url_removed.com, maybe it will help

zxzasa, we just proved that 'nobody' is a system user with limited permissions. We call that spamming.