- How can I create a non-login user?
- 8 Answers 8
- How to Disable a User in Linux
- Disable User Account by Editing /etc/shadow
- Disable User Account With nologin or false Shells
- How to Create a Non-login User in Linux
- What Is a Non-login User in Linux?
- How to Create a User Without Login in Linux
- 1. Using the adduser Command
- 2. Editing the “/etc/passwd” File
How can I create a non-login user?
I’d like to create a user and a group both called subversion on a RHEL 5 system. I looked at the man page for useradd and I guess the command would be just be.
However, not sure how to avoid creating a home dir. Also, I don’t want it to be a user that can log in to the system. The main purpose is just to provide an owner for a SVN repository.
8 Answers 8
You can use the -M switch (make sure it’s a capital) to ensure no home directory will be created:
then lock the account to prevent logging in:
This isn’t a particularly strong answer, the user created by this means still has a shell. And you did not even warn the OP that this was the case. Retrospectively that would be usermod -s /bin/false subversion , or with —shell /bin/false to useradd
@beak actually only the root user would be able to su to the locked account, but why bother if the person has gained root access already? And setting the shell doesn’t do much when a user can run su -s /bin/bash username and bypass that.
thanks for taking the time to have the discussion, you are of course correct; but it pains me to see non-login users with shells defined, it strikes me as lazy, and incase someone is unfamiliar with the system, it’s nice that they can’t accidentally do something unintended; hackers are a different breed, if they already got a shell on the machine, I think it’s basically game over
You can use the following command:
For more info, check manual pages with this command:
You will find in this documentation the following flag that can be used for your purpose.
-r, --system create a system account The -r flag will create a system user — one which does not have a password, a home dir and is unable to login.
this command will even create a group for the user called the same. So the «subversion» user will be in the «subversion» group. Great for when you later want to do «sudo chown -R subversion:subversion /path/to/folder»
@c4il But the only one that can login into them is root, right? I mean, they don’t have a password, so I would expect only root to be able to log into them.
Another solution to create a system user, using adduser :
adduser --system --no-create-home --group yourusername You can remove —group if you don’t need group yourusername, and —no-create-home if you do need a home for this user.
As mentionned by py4on in comments, on some systems one may need to use the —disabled-login option in order to, well, disable login for this user. It seems to be the default behaviour under Debian, though.
Beware that the numeric ID of the user will be of a system account. You can fix the uid using the —uid option, though.
Finally, note that on some systems (e.g. Fedora) adduser is a symlink to useradd , in which case this answer is not valid.
How to Disable a User in Linux
Disabling a user account in Linux means the user can no longer login to the system. However, the account will still persist on the system, which makes it different than deleting a user account entirely.
You may need to disable a user account temporarily, or disable the login capability for a system account. In this guide, you’ll learn a few different methods of disabling a user account on Linux. You’ll also see how to re-enable the account.
Disable User Account by Editing /etc/shadow
The usermod command can be used to disable, or “lock,” a user account on Linux. Supply the -L (Lock) option in your command’s syntax, as seen below.
In reality, executing the usermod -L command is just adding an exclamation point the beginning of the user’s encryted password, stored inside the /etc/shadow file. You can observe this change by viewing the /etc/shadow file after disabling a user account.
# cat /etc/shadow | grep testuser testuser:!$6$Cf8K/f1kM4EIX2ut$T2u [. ]
If you need to re-enable the user in the future, use the -U (Unlock) option in your usermod command.
Doing so will remove the exclamation point from the /etc/shadow file, and the user can now login with the same password they had before. When checking /etc/shadow again, you’ll see the exclamation mark has disappeared.
# cat /etc/shadow | grep testuser testuser:$6$Cf8K/f1kM4EIX2ut$T2u [. ]
Disable User Account With nologin or false Shells
Another way to disable a user account is to change their default login shell. Most Linux systems will have either the /sbin/nologin or /usr/sbin/nologin shells available.
Use the usermod command and -s option to change a user’s shell to /sbin/nologin .
# usermod testuser -s /sbin/nologin
After executing the command, you can view the /etc/passwd file to see that the account’s login shell has been changed.
# cat /etc/passwd | grep testuser testuser:x:1001:1003::/home/testuser:/sbin/nologin
How to Create a Non-login User in Linux
If you are a system administrator and are looking for ways to make your Linux system more secure or want to automate certain processes, creating a non-login user is the solution. Non-login users can prove to be very useful for a variety of cases right from limiting access to your Linux system to running specific processes with restricted privileges. Here, we will guide you through the steps to create a non-login user in Linux and set the appropriate permissions for them.
What Is a Non-login User in Linux?
A non-login user is a type of user account that has restricted access to the Linux system and can only perform specific tasks or run certain processes without logging into the system. Unlike regular users, non-login users do not have access to a regular shell or the home directory. Hence, they cannot log in to your Linux PC. Some common uses of creating a non-login user are to automate tasks, run specific processes or improve your system’s overall security by restricting access.
How to Create a User Without Login in Linux
- Any Linux-based operating system (preferably the latest version)
- A user with root access or sudo privilege
Now that you have the prerequisites, we will now discuss using the adduser command and editing the passwd file to create non-login users in Linux.
1. Using the adduser Command
Thanks to its simplicity and easy-to-use syntax, we generally use the “adduser” command to create new users in Linux. The basic syntax to create a user using the adduser command is:
sudo adduser --system --no-create-homeIn the above syntax, the “–system” option creates a new user account without a password and without a shell. Furthermore, to prevent the command from creating a new home directory, we use the “–no-create-home” option here. Other common options you can pair with the command are:
| Options | Description |
|---|---|
| —disabled-login | If used, the user won’t be able to use the account until the password is set. |
| —gid ID | When creating a user, this option will put the user in that group. |
| —home | Use as the user’s home directory, rather than the default location. |
| —shell | Use as the user’s login shell, rather than the default shell. |
| —debug | Shows informational messages on every operation taking place. |
For example, to create a non-login user with the username “test_user” in Linux, use this command:
sudo adduser test_user --system --no-create-home
Once the new user is created, you can now set permissions for various processes and tasks. You can learn how Linux file permissions work using the linked article.
2. Editing the “/etc/passwd” File
- Open the Terminal in your Linux system.
- Then, use the nano command in Linux to open the “/etc/passwd” file. You can use any other Linux text editor you like, but if you’re following along, then paste the following command in the Command Line:
For example, we use the command below to create a non-login user named “new_user” on our Linux system:
new_user:x:1001:1001:New Non-Login User:/dev/null:/bin/false
- Finally, save and exit the nano editor for the changes to take place. If you are using the Vim editor, follow our guide to learn how to exit the Vim editor in Linux.
- Once the new user is created, you can now adjust the permissions for it for various processes and tasks.
Note : Always keep a backup of the “/etc/passwd” file as modifying this file is risky, and in the worst case, it can render your system useless.
Frequently Asked Questions
There are three types of users in Linux:
1. Super User: It is a type of user with the highest level of permissions in the system; also known as the “root user”
2. Normal User: These types of users have restricted access to the commands and files along with a shell and a home directory.
3. System User: Also known as the “Non-login” user; they neither have access to a shell nor to a home directory. All they have access to is some specific commands they are allowed to run.
To view all users present in the Linux system, use this command: cat /etc/passwd