Referencing the answers to this question, they give nifty one-liners to create such a user such as:
sudo adduser --system --no-create-home --group mightydog
After this, can user mightydog log on? What is his password?
Asked
Active
Viewed 3,858 times
0
Maki
- 121
- 7
Organic Marble
- 23,641
- 15
- 70
- 122
-
2Why not try and find out? – fkraiem Mar 20 '18 at 14:07
-
Sometimes my 'try and find out' experiences have ended...poorly. – Organic Marble Mar 20 '18 at 14:20
1 Answers
5
There's no harm in simply trying it out. On my system (16.04), this resulted in a user with locked password (*) and no valid login shell (/bin/false), as can be seen from its /etc/passwd and /etc/shadow entry:
# grep mightydog /etc/passwd
mightydog:x:128:138::/home/mightydog:/bin/false
# grep mightydog /etc/shadow
mightydog:*:17610:0:99999:7:::
So no, it does not have a password, and it also can not log in by any other means (like SSH keys, or using sudo -u) due to the /bin/false shell.
Byte Commander
- 107,489
-
Thanks. I'll need to investigate how to allow this user to log on via ssh. I appreciate your adding that bit of info, it saved me a lot of blind alley wandering. – Organic Marble Mar 20 '18 at 14:19
-
You just have to specify a login shell like
/bin/bashand you should be able to log in usingsudo -uor SSH after setting up key-based authentication. – Byte Commander Mar 20 '18 at 14:31 -
Thanks again. From what I've seen so far, I may also need to set up a minimal home directory to hold the .ssh directory for the user. But this I will be experimenting with. – Organic Marble Mar 20 '18 at 14:37
-
2FYI this behavior is documented in the
addusermanpage underAdd a system user: "The new system user will have the shell /bin/false (unless overridden with the --shell option), and have logins disabled." – steeldriver Mar 20 '18 at 15:05