Recipe 8.13. Creating a System User
8.13.1 Problem
You need to know how to create system users for programs like Postfix, Apache, or Squid.
These programs should have their own unique user accounts and not just all pile into "nobody."
8.13.2 Solution
Both adduser and useradd can do this. adduser works like this:
# adduser --system --no-create-home --group squid
Adding system user squid...
Adding new group squid (109).
Adding new user squid (109) with group squid
Not creating home directory
Check your work:
# cat /etc/passwd | grep squid
squid:x:109:109::/home/squid:/bin/false
Even though it lists /home/squid, a home directory is not created.
Here's how useradd does it (the group named with -g must already exist):
# useradd -d /dev/null -g squid -s /bin/false squid
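The "Check your work" step above, extended into a script as an added example (not part of the original recipe): it reads a passwd-format file and reports whether a service account has a system-range UID, a non-login shell, and a primary group of its own. The function names, the 999 UID ceiling, and every sample entry except the squid line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit passwd-format entries for locked-down service accounts.
# check_system_user FILE USER [MAX_UID]; MAX_UID defaults to 999 (an assumption,
# the system UID ceiling differs between distributions).
check_system_user() {
    pw=$1; user=$2; max_uid=${3:-999}
    entry=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$pw")
    if [ -z "$entry" ]; then
        echo "$user: FAIL no passwd entry"; return 1
    fi
    uid=$(printf '%s\n' "$entry" | cut -d: -f3)
    gid=$(printf '%s\n' "$entry" | cut -d: -f4)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    rc=0
    if [ "$uid" -eq 0 ] || [ "$uid" -gt "$max_uid" ]; then
        echo "$user: FAIL uid $uid is not in the system range 1-$max_uid"; rc=1
    fi
    case $shell in
        /bin/false|/usr/sbin/nologin|/sbin/nologin) ;;   # cannot log in
        *) echo "$user: FAIL login shell is '$shell'"; rc=1 ;;
    esac
    # Other accounts with the same primary GID can reach this one's group-owned files.
    sharers=$(awk -F: -v g="$gid" -v u="$user" \
        '$4 == g && $1 != u { printf "%s ", $1 }' "$pw")
    if [ -n "$sharers" ]; then
        echo "$user: FAIL primary group $gid also used by: $sharers"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "$user: OK uid=$uid gid=$gid shell=$shell"
    fi
    return "$rc"
}

# Constructed sample data; only the squid line comes from the recipe's output.
make_sample_passwd() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
squid:x:109:109::/home/squid:/bin/false
postfix:x:110:65534::/var/spool/postfix:/bin/bash
EOF
}

sample=$(mktemp)
make_sample_passwd "$sample"
for u in squid postfix; do
    check_system_user "$sample" "$u" || true
done
rm -f "$sample"
```

To audit a live system, pass /etc/passwd as the first argument instead of the sample file.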
8.13.3 Discussion
The nobody user is the default for a lot of daemons and processes that need a system account, but an increasing number of applications require their own unique users.
Use a unique user whenever possible, because it's a good security practice.
The nobody account is a common cracker target, and you don't want to expose all kinds of processes and daemons to a common point of attack.
8.13.4 See Also