when some user id (uid) or group id (gid) cannot be represented in a Linux namespace, the kernel uses the 65534:65534 uid/gid pair as the uid/gid of a process or file.
Defining the nobody user with the uid/pair of 65534 is not an industry standard, but it is a current good practice: multiple Linux distributions, and BSD systems follow this convention
- on a RHEL 8 system, verify that the nobody user has the uid/gid 65534
grep nobody /etc/passwd
nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin - on a RHEL 7 system, the nobody user has the uid/gid 99
grep nobody /etc/passwd
nobody:x:99:99:Nobody:/:/sbin/nologin