Jump to content

Using system users for a given site


Recommended Posts

I created a specific Linux user responsible to host a given site, created a postgresql user and database with the same name, and created a pool, and all is good...  Almost.

How can I make the user a system user (i.e. useradd -r my_user) without a home?  Without a home, where should ssh keys go?  Anything need to be changed when creating the postgresql user?

Thanks

Link to comment
Share on other sites

SSH keys go in the home directory by default. You can change that in /etc/ssh/sshd_config by modifying the AuthorizedKeysFile directive to point where ever you want.

Edited by gw1500se
Link to comment
Share on other sites

Thanks gw1500se,

/etc/ssh/sshd_config has AuthorizedKeysFile set to the typical .ssh/authorized_keys.  But isn't this relative to the user's home?  And I thought that system users typically didn't have a home.  I didn't realize until now that when I create a new system user with the -r flag, /etc/passwd still shows it as having a home (i.e. my_user:x:983:979::/home/my_user:/bin/bash) even though there is no /home/my_user directory.  Now that I am thinking about it, seems like if I want the user to be able to use ssh keys, I will need to create a home for it and the only decision is whether I want to locate it in /home or somewhere else and I might as well located in /home (agree?).  

I was first thinking there might have been something special regarding the postgresql user because I was getting the following, however, I have since discovered that the user was still created and I get the same warning for even user's which do have a home.  I don't remember having this happen in the past but seems like a non-issue.

$ sudo -u postgres createuser my_user
could not change directory to "/home/michael": Permission denied


 

man useradd

       -r, --system
           Create a system account.

           System users will be created with no aging information in /etc/shadow, and their numeric identifiers are chosen in the SYS_UID_MIN-SYS_UID_MAX range, defined in /etc/login.defs, instead of UID_MIN-UID_MAX (and their GID
           counterparts for the creation of groups).

           Note that useradd will not create a home directory for such a user, regardless of the default setting in /etc/login.defs (CREATE_HOME). You have to specify the -m options if you want a home directory for a system account
           to be created.


 

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.