On a new Debian 10 server I wanted to create some system accounts. Like those being used by mysql, postfix and ntp:
messagebus:x:104:105::/nonexistent:/usr/sbin/nologin unscd:x:105:109::/var/lib/unscd:/usr/sbin/nologin ntp:x:106:112::/nonexistent:/usr/sbin/nologin mysql:x:108:114:MySQL Server,,,:/nonexistent:/bin/false postfix:x:109:116::/var/spool/postfix:/usr/sbin/nologin
Account are created with useradd, or adduser? Well, man useradd tells me this is a low level command, so better use adduser. Fair enough. man adduser clearly states how to create a system account, use the –system flag. Reading futher, man adduser tells me, that “A home directory is created by the same rules as for normal users“. Really, for a system user? No problem, just add the –no-create-home flag and the problem is solved. What this command does is explained like this: “Do not create the home directory, even if it doesn’t exist“. Right…
Unfortunately, adduser –system –no-create-home creates a system user like this:
So this user is defined with a home directory, and does not create it. No problem, just add the –home /nonexistent flag. And if you want to create the associated group, instead of being part of nogroup (65534) add the –group option (only when used in combination with –system).
To summarize, the following command creates a system user, just like the ones shown above.
adduser –system –no-create-home –home /nonexistent –group <system-user-name>
So what about useradd? useradd –system creates a system user without home directory like this:
So here you also need a number of options to get the wanted result and thus does not bring you any advantage over adduser. Note the UID and GID numbers. Where adduser counts upwards (good), the useradd command counts down from the top of the range for system users. This range is defined in /etc/login.defs and it set to 100-999 for system users. Someone really succeeded in making simple things complicated…