Tuesday, May 7, 2024
Homepage · 12.04
 Popular · Latest · Hot · Upcoming
1
rated 0 times [  1] [ 0]  / answers: 1 / hits: 407  / 1 Year ago, sat, february 25, 2023, 2:24:59

I created a system user through adduser command for use in an application I installed. This user is supposed to run application-specific processes and such (think of postgres system user doing nothing but running postgres related stuff)



Because this user doesn't do anything except do the application's bidding, is there a way to prevent a human from logging in with this user? This user isn't part of any groups (so I don't have to worry about ssh logins or other group perms). I have read that not having a home folder will help prevent logins, but I needed a home folder for this user because that's where I compiled/installed the application.



Aside from preventing a human from logging in to this user account, is there other security considerations to consider?


More From » 12.04
 Answers
0

There are two things you should do to prevent people from using this user account like a "real human user account."



Since no one ever has to log in as this account for any purpose, the first and most important thing you should do is to ensure password authentication can never succeed. guntbert's excellent answer explains this in detail. In summary, you can run:



sudo passwd -l user


Separately from that, it's also a good idea to set the user's login shell to something that performs no operation and immediately quits:



sudo chsh -s /bin/false user


That way:




  • Logging in as the user using a mechanism other than password authentication (such as key-based authentication) to obtain a shell will typically fail. However, it may still be possible for some SSH-related functionality to work.



    For example, if key-based authentication is enabled for the user, someone can still use it to authenticate and open an SSH connection for scp or sftp or to create an encrypted tunnel, and might possibly access other functionality.


  • Attempts to simulate a login shell will typically fail. However, someone who can run programs as root or who has some non-password-based way to authenticate as the user can still often run a non-login shell, which provides the same capabilities as a login shell.



    For example, setting user's shell to /bin/false will prevent su - user and sudo -i -u user (among others) from working, even if run as root. But they will not prevent su user, sudo -s -u user, or sudo -u user bash (among others) from working when they are run as root.




Clearly, disabling the login shell of a user who already cannot log in via password authentication and who does not already have key-based authentication configured does not confer a great deal of security benefit. So, why do it? Because:




  • It is likely to help remind users who do have administrator powers to think twice before logging in (or simulating a login) as user.


  • Setting a user's shell to something nonfunctional is a convenient and usually effective way of showing anyone reading /etc/passwd that the user does not represent a human being and is not intended to be impersonated interactively.



    (In Ubuntu and other modern Unix-like systems /etc/passwd stores account information but not the actual password hashes--those are in /etc/shadow. /etc/passwd can be viewed by all or most human users on the system, including non-administrators.)


  • If for any reason password authentication is re-enabled for the user, then the user's login shell being nonfunctional does typically afford a substantial security benefit.



[#30345] Saturday, February 25, 2023, 1 Year  [reply] [flag answer]
Only authorized users can answer the question. Please sign in first, or register a free account.
oredoise
Add To Favorites
Follow
Total Points: 66
Total Questions: 116
Total Answers: 111
Location: Lebanon
Member since Sun, Aug 2, 2020
4 Years ago
;