rubo77

Asked: 2016-08-10 10:24:00 +0800 CST2016-08-10 10:24:00 +0800 CST 2016-08-10 10:24:00 +0800 CST

What is the sandbox user '_apt' on my system

772

I ran rkhunter and found out a warning, that there is a new user called _apt on my Ubuntu 16.04

$ grep _apt /etc/passwd
_apt:x:124:65534::/nonexistent:/bin/false

All I found out is, that it seems that this is a kind of sandbox user for "advanced persistent threats". But what exactly is this?

1 Answers

Voted

Best Answer

Florian Diesch
2016-08-10T10:52:03+08:002016-08-10T10:52:03+08:00
The user _apt is created by the postinst script of the apt package (/var/lib/dpkg/info/apt.postinst):

# add unprivileged user for the apt methods adduser --force-badname --system --home /nonexistent \ --no-create-home --quiet _apt || true

It's the owner of /var/cache/apt/archives/partial and /var/lib/apt/lists/partial and used by APT to download packages, package list, and other things.
32

Web Analytics Made Easy - Statcounter