Home directory for system users

useradd, users

What is the best practice when setting the home directory of system users that don't have a specific working directory?

I often have to create users to run specific binaries or scripts. Supposing that my binary is in /usr/bin and that my user will only be used by my init script to run this binary, can I simply run:

useradd --no-create-home

Or is it safer to specify a directory in /var, /tmp or elsewhere?

Best Answer

You can create something like /var/empty and use it for all your system users, or just specify something like /dev/null as their home directory. I use the latter for system users that just run one binary (often a service). If a program wants to store something, I specify /srv/app, where app is the program name, and make the directory for it.

If programs like useradd require you to specify a home directory, specify /var/empty and create that directory as root:root 0755. Otherwise, just specify something invalid but certain to exist, be it a file or directory. It is also advised to specify /bin/false as the login shell, although it's easy to override.

Or just specify /. It doesn't matter where their PWD points to; if you want them not to write stuff, being in / is as normal as being in /var/empty, for example.
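Added example (not part of the original answer): a POSIX shell check that audits passwd-format entries against the advice above, flagging service accounts that have a login shell or a home directory they can write to. The function name, the SYS_UID_MIN/SYS_UID_MAX variables with a default range of 1 to 999, the optional root prefix and the sample accounts are assumptions made for illustration.

```shell
#!/bin/sh
# audit_system_homes PASSWD_FILE [ROOT_PREFIX]
# Prints one finding per line as "<user>: <problem>".
# Assumption: system accounts have UIDs in SYS_UID_MIN..SYS_UID_MAX
# (default 1..999). ROOT_PREFIX lets you audit a mounted image or a test tree.
audit_system_homes() {
    passwd_file=$1 prefix=${2:-}
    while IFS=: read -r user pw uid gid gecos home shell; do
        case $uid in ''|*[!0-9]*) continue ;; esac   # skip blank or malformed lines
        [ "$uid" -ge "${SYS_UID_MIN:-1}" ] && [ "$uid" -le "${SYS_UID_MAX:-999}" ] || continue
        case $shell in
            /bin/false|/usr/bin/false|/sbin/nologin|/usr/sbin/nologin) ;;
            *) echo "$user: login shell $shell" ;;
        esac
        path=$prefix$home
        # A home such as /dev/null, or a missing path, offers nothing to write into.
        [ -d "$path" ] || continue
        # "ls -ldn" prints the mode string first and the numeric owner third.
        set -- $(ls -ldn "$path")
        mode=$1 owner=$3
        case $mode in
            d???????w*) echo "$user: home $home is world-writable" ;;
        esac
        if [ "$owner" = "$uid" ]; then
            case $mode in
                d?w*) echo "$user: home $home is owned and writable by the account" ;;
            esac
        fi
    done < "$passwd_file"
}

# Constructed sample: two made-up service accounts audited against a scratch tree.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/var/empty" "$demo_root/tmp"
chmod 0755 "$demo_root/var/empty"
chmod 1777 "$demo_root/tmp"
cat > "$demo_root/passwd" <<'EOF'
appd:x:201:201::/var/empty:/bin/false
jobd:x:202:202::/tmp:/bin/bash
EOF
audit_system_homes "$demo_root/passwd" "$demo_root"
rm -rf "$demo_root"
```

On a live host, call it as `audit_system_homes /etc/passwd` with no prefix.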
