How can I create a non-login user?

138

62

I'd like to create a user and a group both called subversion on a RHEL 5 system. I looked at the man page for useradd and I guess the command would just be...

useradd subversion

However, not sure how to avoid creating a home dir. Also, I don't want it to be a user that can log in to the system.

The main purpose is just to provide an owner for a SVN repository.

Ethan

Posted 2009-12-02T00:47:25.217

Reputation: 2 781

Have you really looked at man page of useradd and didn't find -M (do not create HOME directory)? – inemanja – 2018-10-17T11:42:34.070

Answers

81

You can use the -M switch (make sure it's a capital) to ensure no home directory will be created:

useradd -M subversion

then lock the account to prevent logging in:

usermod -L subversion

John T

Posted 2009-12-02T00:47:25.217

Reputation: 149 037

1 I had a problem with useradd -M hanging, but this worked fine: adduser --no-create-home --disabled-login USERNAME – Steve Clay – 2015-02-05T15:25:23.570

I was curious about this conversation and did some man page reading. I successfully unlocked an account by changing the password (using root of course). The point is however that if one is able to alter the password, the -L lock can be avoided. I think the shell thing is relevant if you want backup. – will – 2016-06-04T12:27:03.797

2 All it takes is one bug in the shell and this is a recipe for disaster. useradd -s /bin/false username is highly preferable. (usermod would modify an existing user) – NightKnight on Cloudinsidr.com – 2016-11-25T14:25:09.023

@LeeHambley I see a lot of criticism and discussion but I don't see a separate answer from you. It would be better for you to post the process that you consider to be correct. – jcollum – 2019-02-02T22:35:00.283

useradd -M username assigns a home dir to the user without creating it. What you are looking for is a user that doesn't have a home. – NightKnight on Cloudinsidr.com – 2019-05-28T09:53:11.977

64 This isn't a particularly strong answer, the user created by this means still has a shell. And you did not even warn the OP that this was the case. Retrospectively that would be usermod -s /bin/false subversion, or with --shell /bin/false to useradd – Lee Hambley – 2011-09-14T16:55:19.900

9 @beak the account is locked, having a shell is a moot point. – John T – 2011-09-14T22:55:20.770

4 except that one can still su to a locked account, that's not true with an account with no shell. A small point, but with server management it doesn't hurt to be thorough – Lee Hambley – 2011-09-15T11:39:38.557

16 @beak actually only the root user would be able to su to the locked account, but why bother if the person has gained root access already? And setting the shell doesn't do much when a user can run su -s /bin/bash username and bypass that. – John T – 2011-09-15T22:44:16.797

14 thanks for taking the time to have the discussion, you are of course correct; but it pains me to see non-login users with shells defined, it strikes me as lazy, and in case someone is unfamiliar with the system, it's nice that they can't accidentally do something unintended; hackers are a different breed, if they already got a shell on the machine, I think it's basically game over – Lee Hambley – 2011-09-16T06:43:52.493

13 These comments covered exactly the things I was hoping to learn, thanks @Beaks && John T – Rixius – 2013-02-14T20:27:37.663

229

You can use the following command:

useradd -r subversion

For more info, check manual pages with this command:

man useradd

You will find in this documentation the following flag that can be used for your purpose.

-r, --system                  create a system account

The -r flag will create a system user - one which does not have a password, a home dir and is unable to login.

rynop

Posted 2009-12-02T00:47:25.217

Reputation: 2 398

8 @c4il But the only one that can login into them is root, right? I mean, they don't have a password, so I would expect only root to be able to log into them. – Camilo Martin – 2014-07-12T20:48:12.860

but we can assign them passwords anyways, I tried passwd subversion. – Shayan – 2019-09-21T17:26:14.253

1 this command will even create a group for the user called the same. So the "subversion" user will be in the "subversion" group. Great for when you later want to do "sudo chown -R subversion:subversion /path/to/folder" – s3v1 – 2013-08-15T12:07:04.853

50 with -r alone we can still login though. we need -s /bin/false to disable the user shell. – c4il – 2013-10-25T13:27:41.920

22

Another solution to create a system user, using adduser:

adduser --system --no-create-home --group yourusername

You can remove --group if you don't need group yourusername, and --no-create-home if you do need a home for this user.

As mentioned by py4on in comments, on some systems one may need to use the --disabled-login option in order to, well, disable login for this user. It seems to be the default behaviour under Debian, though.

Beware that the numeric ID of the user will be of a system account. You can fix the uid using the --uid option, though.

Finally, note that on some systems (e.g. Fedora) adduser is a symlink to useradd, in which case this answer is not valid.

Skippy le Grand Gourou

Posted 2009-12-02T00:47:25.217

Reputation: 1 349

3 To address "I don't want it to be a user that can log in" add the flag --disabled-login as well (before yourusername) – toxefa – 2015-07-30T10:37:34.190

@py4on : Though this option is documented in the manpage, it seems to be the default under Debian at least. – Skippy le Grand Gourou – 2015-08-01T19:59:13.490

17

The cleanest answer to the original question is to run the command:

adduser subversion --shell=/bin/false

And if you don't want the home directory either:

adduser subversion --shell=/bin/false --no-create-home

or, if you want an even more locked-down system user (normally this won't create a home directory, but it has been reported that it will still create a home directory on Linux Mint, as per the comment below):

adduser subversion --system --group

All these commands will create a group with the same name as the user

TimmyGee

Posted 2009-12-02T00:47:25.217

Reputation: 171

On Mint the last command definitely creates a home dir: Creating home directory '/home/nodejs' ... – jcollum – 2019-02-02T22:38:02.053

13

The safest form of doing this would be to use adduser like so:

$ adduser -r -s /bin/nologin subversion

NOTE: Be sure to include -s /sbin/nologin to disable any login shell from being made available to the account.

Confirmation of setup

$ grep subversion /etc/passwd /etc/shadow
/etc/passwd:subversion:x:496:496::/home/subversion:/bin/nologin
/etc/shadow:subversion:!!:17232::::::

However there's no directory:

$ ll /home | grep subversion
$

Confirm that the account is otherwise usable:

$ sudo -u subversion whoami
subversion

$ sudo -u subversion date
Tue Mar  7 08:58:57 EST 2017

Removal

If you need to remove this account:

$ userdel subversion -r
userdel: subversion mail spool (/var/spool/mail/subversion) not found
userdel: subversion home directory (/home/subversion) not found
$

And confirm:

$ grep subversion /etc/passwd /etc/shadow
$

slm

Posted 2009-12-02T00:47:25.217

Reputation: 7 449

1 adduser doesn't recognize the -r option. I think you meant useradd. – felwithe – 2017-07-29T16:30:31.697

@felwithe no, every answer I write up I always test before posting. I checked and that switch shows on a CentOS 6.x system. – slm – 2017-07-29T20:10:01.940

Here is a pastebin of the result. I'm on Ubuntu 16 LTS. I don't know what version of adduser is installed but I never imagined it would change much over time or system to system. I then tried it with a --system flag instead, which created a homedir for the user (I didn't want one). Finally I just did it with useradd instead of adduser and it worked as planned. So I just assumed that you'd mistyped it as adduser when it was supposed to be useradd. – felwithe – 2017-07-30T00:18:14.203

@felwithe yeah I wasn't doubting you, just letting you know that I tried it 8-). I'm a mod on the Unix and Linux site and these cmds are notoriously different b/w distros. The OP mentions RHEL in the question hence why I answered it like so, but they didn't tag it as red hat specific, which is part of the confusion on this Q&A IMO. – slm – 2017-07-30T00:31:42.033
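
As an added example (not part of any answer on this page), the script below checks the two properties debated in the comments under the first answer, a non-interactive shell and a locked password, plus whether the assigned home directory exists, by parsing passwd and shadow entries like those in the confirmation step above. The accounts svnlocked and svnopen, all sample entries, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a service account's passwd/shadow entries.
# Sample entries are constructed, modelled on the grep output quoted above.
SAMPLE_PASSWD='subversion:x:496:496::/home/subversion:/sbin/nologin
svnlocked:x:497:497::/home/svnlocked:/bin/bash
svnopen:x:1001:1001::/home/svnopen:/bin/bash'
SAMPLE_SHADOW='subversion:!!:17232::::::
svnlocked:!$6$constructedsalt$constructedhash:17232:0:99999:7:::
svnopen:$6$constructedsalt$constructedhash:17232:0:99999:7:::'

# field USER N DATA -> print colon-separated field N of USER's entry
field() {
    printf '%s\n' "$3" | awk -F: -v u="$1" -v n="$2" '$1 == u { print $n; exit }'
}

# shell_state USER PASSWD_DATA -> "nologin" or "interactive"
shell_state() {
    case "$(field "$1" 7 "$2")" in
        */nologin|*/false) echo nologin ;;
        *) echo interactive ;;    # an empty shell field defaults to /bin/sh
    esac
}

# password_state USER SHADOW_DATA -> "locked", "empty" or "set"
password_state() {
    case "$(field "$1" 2 "$2")" in
        '!'*|'*'*) echo locked ;; # "!!" (never set), "!hash" (usermod -L), "*"
        '') echo empty ;;         # empty field: no password required
        *) echo set ;;
    esac
}

# audit USER PASSWD_DATA SHADOW_DATA -> one summary line
audit() {
    [ -n "$(field "$1" 1 "$2")" ] || { echo "$1 missing"; return 1; }
    home=$(field "$1" 6 "$2")
    if [ -d "$home" ]; then h=present; else h=absent; fi
    echo "$1 shell=$(shell_state "$1" "$2") password=$(password_state "$1" "$3") home=$h"
}

# On a live system, feed it the real databases (root is needed for shadow):
#   audit subversion "$(getent passwd subversion)" "$(getent shadow subversion)"
for u in subversion svnlocked svnopen; do
    audit "$u" "$SAMPLE_PASSWD" "$SAMPLE_SHADOW"
done
```

An account reported as shell=interactive password=locked matches the usermod -L only setup from the first answer; shell=nologin password=locked matches useradd -r with -s.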

1

On a CentOS 7 machine you can use the following commands:

  • If the user does not exist:

    useradd testuser --shell=/sbin/nologin
    
  • If you want to modify an existing user:

    usermod testuser --shell=/sbin/nologin
    

lauc.exon.nod

Posted 2009-12-02T00:47:25.217

Reputation: 111

0

Start by generating an encrypted password for the user, with a maximum length of 8 characters, by doing:

openssl passwd -crypt new_password_less_than_eight_chars_long

Then you do:

useradd -m -g groupname -G otherGroupsSeperatedByComma -p encryptedPassword username

user1047344

Posted 2009-12-02T00:47:25.217

Reputation: 9

0

In Debian, you could create a system user without a home directory or login shell:

useradd --system --shell=/usr/sbin/nologin <username>

If your nologin program is in /sbin/nologin, please change accordingly.

yoonghm

Posted 2009-12-02T00:47:25.217

Reputation: 101