[moronovich]

yap, that's right. that's just a special case which rarely happen in the real world. i'm sure if it happens, it's just about the human error and not the system.
below is default configuration for user nobody in FreeBSD:

Code:

root#chpass nobody
Login: nobody
Password: *
Uid [#]: 65534
Gid [# or name]: 65534
Change [month day year]:
Expire [month day year]:
Class:
Home directory: /nonexistent
Shell: /sbin/nologin
Full Name: Unprivileged user
Office Location:
Office Phone:
Home Phone:
Other information:

you can see that it's almost impossible for nobody (somebody outside the server) to hijack the system since no login authority is given.

aynway, here i will show how user can trespass your system through ftp

Code:

root#chpass ftp
Login: ftp
Password: *
Uid [#]: 1073
Gid [# or name]: 5
Change [month day year]:
Expire [month day year]:
Class:
Home directory: /var/ftp/
Shell: /bin/sh
Full Name: User &
Office Location:
Office Phone:
Home Phone:
Other information:

you can see that user ftp can log in to the server using shell
if somebody try to log in to your ftp server through shell and by chance is able to put some binary files to your server, you' re now at risk. if the application runs at backdoor and you don't know what it exactly does, just prepare for the worst (although it's not so necessary to be a paranoid ).

the hacker can also try to port scan your server (using nmap or such tools). if you don't manage your ports well, just let them open, beware, maybe it's the time for the server to be down.. but again, i say, it's not so necessary to be a paranoid.. people are kind..