Home / server / Questions / 55749
Accepted
webwesen
Asked: 2009-08-19 10:55:16 +0800 CST

Linux : should I create nologin user home dirs?

  • 772

i have a few java apps running on my server and I set it up so that each app is executed with a nologin user id.

now, when I add users with 

/usr/sbin/useradd -g $MY_GROUP -s /sbin/nologin -d /home/$MY_USER $MY_USER

I was wondering if there is a convention on whether those users need a home at all and if they do - should I put them into 

/home/abc

or into 

/usr/local/abc

I've seen it done both ways

linux

2 Answers

  1. Best Answer

    On RedHat like systems you can create the users as system accounts using the ‘-r’ option:

       -r This flag is used to create a system account. That is, a user with a UID lower than the value of UID_MIN defined in
      /etc/login.defs and whose password does not expire. Note that useradd will not create a home directory for such an user,
      regardless of the default setting in /etc/login.defs. You have to specify -m option if you want a home directory for a system
      account to be created. This is an option added by Red Hat

    Depending on whether this option is available on your distro, this may be what you want.

    • 3

  2. As a systems administrator, I prefer that all my stub accounts use / as their home directory unless I have a compelling reason to have a real home directory.

    The home directory can store authentication information. For instance, the .ssh/authorized_keys files can act as a vector to allow people onto the system unintentionally or maliciously.

    Otherwise, the home directory may be useful if you plan on suing to another UID and plan on having local configurations for when doing stuff as that user (I've seen this with oracle setups). I'm not keen on that sort of thing -- I prefer to just have a script that I source that sets up the local environment for me, but different strokes...

    • 2