Creating a System User

You need to know how to create system users for programs like Postfix, Apache, or Squid. These programs should have their own unique user accounts and not just all pile into “nobody.”

Both adduser and useradd can do this. adduser works like this:

# adduser --system --no-create-home --group squid
Adding system user squid…
Adding new group squid (109).
Adding new user squid (109) with group squid
Not creating home directory

Check your work:

# cat /etc/passwd | grep squid
squid:x:109:109::/home/squid:/bin/false

Even though it lists /home/squid, a home directory is not created.

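Here’s how useradd does it. The -g option names a group that must already exist, so create the squid group first if it is not there: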

# useradd -d /dev/null -g squid -s /bin/false squid

The nobody user is the default for a lot of daemons and processes that need a system account, but an increasing number of applications require their own unique users. Use a unique user whenever possible, because it’s a good security practice. The nobody account is a common cracker target, and you don’t want to expose all kinds of processes and daemons to a common point of attack.
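To check an existing host against this advice, the following added example (not from the original text) reads passwd-format lines and a "user command" process listing, then reports system accounts that still have a login shell and accounts shared by more than one program. The function names, the sample data, and the default system UID ceiling of 1000 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit service accounts. All sample data is constructed.

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
squid:x:109:109::/home/squid:/bin/false
postfix:x:110:115::/var/spool/postfix:/bin/bash
carla:x:1000:1000:Carla:/home/carla:/bin/bash'

# One "user command" pair per line, as printed by: ps -eo user=,comm=
SAMPLE_PS='root sshd
nobody dnsmasq
nobody memcached
squid squid
squid squid
postfix master'

# Read passwd(5) lines on stdin; print non-root system accounts
# (0 < UID < SYS_UID_MAX, assumed 1000) whose shell still permits a login.
login_capable_system_users() {
    awk -F: -v max="${SYS_UID_MAX:-1000}" '
        $3 > 0 && $3 < max && $7 !~ /\/(false|nologin)$/ { print $1 }'
}

# Read "user command" lines on stdin; print "user: cmd1,cmd2" for every
# account that runs more than one distinct program (a shared identity).
shared_daemon_users() {
    awk '
        NF >= 2 && !seen[$1, $2]++ {
            n[$1]++
            list[$1] = list[$1] (list[$1] ? "," : "") $2
        }
        END { for (u in n) if (n[u] > 1) print u ": " list[u] }' | sort
}

# Demo run against the constructed samples.
echo "System accounts with a login shell:"
printf '%s\n' "$SAMPLE_PASSWD" | login_capable_system_users
echo "Accounts shared by several programs:"
printf '%s\n' "$SAMPLE_PS" | shared_daemon_users
```

On a live system, feed the functions from `getent passwd` and `ps -eo user=,comm=` instead of the sample variables.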