What is the best practice when setting the home directory of system users that don't have a specific working directory?
I often have to create users to run specific binaries or scripts. Supposing that my binary is in /usr/bin and that my user will only be used by my init script to run this binary, can I simply run:
useradd --no-create-home
Or is it safer to specify a directory in /var, /tmp or else?
Best Answer
You can create something like `/var/empty` and use it for all your system users, or just specify something like `/dev/null` as their home directory. I use the latter for system users that just run one binary (often a service). If the program wants to store something, I specify `/srv/app`, where `app` is the program name, and make the directory for it.

If programs like `useradd` require you to specify a home directory, specify `/var/empty` and create that directory as root:root 0755. Otherwise, just specify something invalid but surely existing, be it a file or directory. It is also advised to specify `/bin/false` as a login shell, although it's easy to override.

Or just specify `/`. It doesn't matter where their PWD will point to; if you want them not to write stuff, being in `/` is as normal as being in `/var/empty`, for example.
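The following is an added example, not part of the question or the answer above, showing how the advice translates into a `useradd` invocation and how to audit existing accounts for the two things the answer cares about (a home the user should not own and a shell that cannot be used to log in). It assumes the shadow-utils `useradd` flags `-r`, `-M`, `-d` and `-s`, a `/usr/sbin/nologin` binary, and that `/var/empty` has been created as root:root 0755 as the answer describes; the passwd lines it audits are constructed here, not taken from a real system.

```shell
#!/bin/sh
# Added example; assumes shadow-utils useradd and /usr/sbin/nologin.

# Print (rather than run) the useradd command for a service account:
#   -r  system account (low UID, no password aging)
#   -M  never create a home directory
#   -d  a home that exists but is not owned or writable by the user
#   -s  a shell that refuses interactive logins
service_useradd_cmd() {
    name="$1"
    home="${2:-/var/empty}"
    echo "useradd -r -M -d $home -s /usr/sbin/nologin $name"
}

# Audit passwd-format lines on stdin. Flags system accounts (UID below 1000,
# excluding root) whose shell allows login or whose home lives under /home.
# Prints one "name:home:shell" line per flagged account.
audit_service_accounts() {
    while IFS=: read -r name _ uid _ _ home shell; do
        if [ -z "$name" ] || [ "$uid" -eq 0 ] || [ "$uid" -ge 1000 ]; then
            continue
        fi
        case "$shell" in
            /bin/false|/usr/sbin/nologin|/sbin/nologin) shell_ok=1 ;;
            *) shell_ok=0 ;;
        esac
        case "$home" in
            /home/*) home_ok=0 ;;
            *) home_ok=1 ;;
        esac
        if [ "$shell_ok" -eq 0 ] || [ "$home_ok" -eq 0 ]; then
            echo "$name:$home:$shell"
        fi
    done
}

# Constructed sample passwd lines (not from any real system). Only "badsvc"
# violates both rules: a home under /home and an interactive shell.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
myapp:x:998:998::/var/empty:/usr/sbin/nologin
badsvc:x:997:997::/home/badsvc:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash'

# Run the audit over the constructed sample and return its output.
audit_sample() {
    printf '%s\n' "$SAMPLE_PASSWD" | audit_service_accounts
}

# Demo: show the command for a service user and the audit result.
if [ "${1:-}" = "--demo" ]; then
    service_useradd_cmd myapp
    audit_sample
fi
```

To audit a live system, replace `audit_sample` with `audit_service_accounts < /etc/passwd` (or `getent passwd | audit_service_accounts` when accounts come from a directory service); the function only reads the fields, so it needs no privileges.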