Users usually require a password, in case you need to log in and use them. But there are cases when you don’t want to log in and you don’t want to worry that somebody else could either. If you need that kind of user, then you’ve come to the right place.
A passwordless and homeless (without a home directory) user can sometimes be useful. Probably the biggest use is for PHP FPM, so you can run each PHP pool jailed, without having access to the rest of the server. For this you will need a user for each PHP pool you may have. You won’t be able to log in and use that user, but it will secure your PHP setup greatly.
I have been looking for the best way of creating a passwordless user and I think I’ve finally found the best one, though I’m open to suggestions.
As usual, we’re going to use the adduser command and we will need three flags. --no-create-home makes sure the user won’t get a home directory, so it will only own whatever directory you give it permission to. The --disabled-password flag won’t set or allow the user to have a password, so it will not be possible to log in with that user. Finally, the --gecos "" flag won’t ask you for any user information, like name. If you’d like to set that information, get rid of --gecos. Personally I don’t care about that information, so I don’t want to bother with it.
So, in order to easily create a user without a home, with no password and with no way to be logged into, this is the command you have to use:
adduser --no-create-home --disabled-password --gecos "" TheUserYouWant
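A check to run after creating the user, added here as an example and not part of the original post: it reads the account's passwd and shadow entries and reports whether the password is locked, whether the login shell is still interactive, and whether the home path exists. It assumes Debian's adduser, where --disabled-password blocks password logins only and the account keeps the default shell; the account name phpsite and the sample entries are constructed.

```shell
#!/bin/sh
# Added example: audit an account made with
#   adduser --no-create-home --disabled-password --gecos "" NAME
# On a live host (as root):
#   audit_account "$(getent passwd NAME)" "$(getent shadow NAME)"

# Succeeds when the shadow hash field starts with '!' or '*', so no password
# can match. An empty field (no password required) counts as NOT locked.
password_locked() {
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$field" in
        '!'*|'*'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints the login shell (7th passwd field).
login_shell() { printf '%s\n' "$1" | cut -d: -f7; }

# Succeeds when the shell refuses interactive sessions.
shell_is_nologin() {
    case "$(login_shell "$1")" in
        */nologin|*/false) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds when the home path recorded in passwd does not exist on disk.
home_missing() {
    home_dir=$(printf '%s\n' "$1" | cut -d: -f6)
    [ ! -e "$home_dir" ]
}

# Prints one line per finding; exit status is the number of findings.
audit_account() {
    findings=0
    password_locked "$2" || { echo "password hash is usable or empty"; findings=$((findings + 1)); }
    shell_is_nologin "$1" || { echo "interactive shell: $(login_shell "$1")"; findings=$((findings + 1)); }
    home_missing "$1" || { echo "home directory exists"; findings=$((findings + 1)); }
    return "$findings"
}

# Constructed sample entries (hypothetical account "phpsite").
SAMPLE_PASSWD='phpsite:x:1001:1001::/nonexistent/phpsite:/bin/bash'
SAMPLE_SHADOW='phpsite:!:19800:0:99999:7:::'
audit_account "$SAMPLE_PASSWD" "$SAMPLE_SHADOW" || echo "$? finding(s)"
```

If the audit reports an interactive shell, usermod -s /usr/sbin/nologin NAME (Debian path) changes it without touching the other settings.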
If you’ve got a better, easier or safer way of doing it, please let me know in the comments.