6

What is the good way to create a user with no password? By no password, I mean an account, that would be usable only by the root account using the su/sudo commands (like the "nobody" user used by Apache or Nginx).

I've read that putting a * in the password field of the /etc/shadow file works but I'd like to know if there is a way to do it with the useradd command.

I thought of doing:

useradd my_new_user -s /sbin/nologin -p '*'

but I'm not sure the useradd command can be used this way. I haven't found any reference about it.

John Smith Optional
  • 472
  • 2
  • 9
  • 18

2 Answers2

5

This works the way you described (of course you can specify whichever shell you'd like in place of /bin/bash):

root# useradd temp_test1 -s /bin/bash -p '*'
root# su temp_test1
temp_test1#

After executing the above useradd command, the following entry is in my /etc/shadow file:

temp_test1:*:15842:0:99999:7:::

When using John Smith Optional's answer, the following will work:

root# useradd temp_test2 -s /sbin/nologin
root# su -s /bin/bash temp_test2
temp_test2#

EDIT: I'd like to point out that the difference is that you cannot su into an account which has the shell specified as /sbin/nologin unless you specify a usable shell when issuing the su command:

root# useradd temp_test3 -s /sbin/nologin
root# su temp_test3
This account is currently not available.
root#

(Tested in CentOS 6.4 -- should work in a variety of distros).

s.co.tt
  • 662
  • 7
  • 15
2
useradd my_new_user -s /sbin/nologin

If a password is not specified, one is not created/account disabled.

David Houde
  • 3,160
  • 1
  • 15
  • 19