Home directory for system users


You can create something like /var/empty and use it for all your system users, or just specify something like /dev/null as their home directory. I use the latter for system users that just run one binary (often a service). If a program wants to store something, I specify /srv/app, where app is the program name, and make the directory for it.

If programs like useradd require you to specify a home directory, specify /var/empty and create that directory as root:root 0755. Otherwise, just specify something invalid but certain to exist, be it a file or a directory. It is also advised to specify /bin/false as the login shell, although it's easy to override.

Or just specify /. It doesn't matter where their PWD points; if you want them not to write stuff, being in / is as normal as being in /var/empty, for example.
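Added example (not part of the original answer): helper functions for the setup the answer describes, a system account whose home is the root-owned, unwritable /var/empty with /bin/false as its shell, and a private state directory under /srv/<app> owned by that account. The names _myapp and /srv/myapp are assumed for illustration; the useradd line is printed for review and must be run as root.

```shell
#!/bin/sh
# Added example, not from the original answer. Service-account helpers:
# empty root-owned home, non-login shell, private /srv/<app> state dir.
set -eu

# Print the useradd invocation for a one-binary service account:
#   -r  system account (uid from the system range, no password aging)
#   -M  never create the home directory
#   -d  home is the shared, unwritable /var/empty
#   -s  /bin/false as the shell, as the answer suggests; note that a root
#       process can still override it with "su -s /bin/sh <user>".
service_useradd_cmd() {
    printf 'useradd -r -M -d /var/empty -s /bin/false %s\n' "$1"
}

# Verify a directory's owner, group and mode (numeric uid/gid, octal mode).
# Intended checks: /var/empty should be "0 0 755" (root:root, not writable
# by anyone else); /srv/<app> should be "<uid> <gid> 750" for the service.
# Uses GNU stat -c; the format flags differ on BSD/macOS.
check_dir_owner_mode() {
    dir=$1 want_uid=$2 want_gid=$3 want_mode=$4
    [ -d "$dir" ] || return 1
    set -- $(stat -c '%u %g %a' "$dir")
    [ "$1" = "$want_uid" ] && [ "$2" = "$want_gid" ] && [ "$3" = "$want_mode" ]
}

# Create the service's private state directory: owned by the service user,
# unreadable by other users, so one compromised service cannot read another
# service's data (the problem with sharing "nobody" raised in the comments).
setup_state_dir() {
    dir=$1 owner=$2
    mkdir -p "$dir"
    chown "$owner" "$dir"
    chmod 750 "$dir"
}
```

Sourcing this file and running `service_useradd_cmd _myapp` prints the command to create the account; `setup_state_dir /srv/myapp _myapp` then prepares the only directory the account is meant to write to.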

Author: ITChap

Infrastructure Engineer by day and Erlang/Elm/< your exotic language here > hobbyist by night. I like hardware, wireless things, wired things, old things...

Updated on November 29, 2022

Comments

  • ITChap, over 1 year

    What is the best practice when setting the home directory of system users that don't have a specific working directory?

    I often have to create users to run specific binaries or scripts. Supposing that my binary is in /usr/bin and that my user will only be used by my init script to run this binary, can I simply run:

    useradd --no-create-home
    

    Or is it safer to specify a directory in /var, /tmp or else?

    • Admin, over 8 years
      It seems unusual. Why would you need to do that? Can't you have a standing 'anon' user, or something like that?
    • Admin, over 8 years
      @rayandrews It would be the same problem as with the user nobody. If multiple applications run under the same user, be it nobody or something else, one compromised application can access the data of the others.
    • Admin, over 8 years
      If there's a need for the scripts to keep data or customizations (paths, etc.), I would create something like /var/users/<user>. If the user has no need to write/read anything, then use something read-only to the user like '/' (obviously don't specify home creation), as it's the default home for nobody and other system users. I would avoid world-writable directories like /tmp for maintenance and security reasons (think of someone writing the user's .bashrc file).