# How to create/add a system account



## fwyKKCkQze2z (Mar 29, 2019)

Hi Forums

This one has been bugging me for quite some time now: how do you create (or remove, for that matter) a "system account" in FreeBSD? The Handbook's section 3.3.1.1 mentions "Systems Accounts" and what they are used for (to run software), but does not say how to set one up: Users and Basic Account Management.

Is this also done with `adduser`?

If I want to run custom software, it might make sense to use/set up a custom system account too, right? But how?


----------



## tommiie (Mar 29, 2019)

System accounts are normal user accounts but more limited, e.g. no shell and no home directory. Their user ID is usually under 1000 but that is not a requirement. In fact, system accounts are just plain user accounts but called that way because a service which starts as the root user drops its privileges to this account with limited privileges (hence the no shell or home directory).

As an example, Apache/nginx use the system account 'httpd' (or similar) to which they drop their privileges after the initial setup. This user should not own any files (not even the website files), nor have a shell, nor have a home directory, etc.


----------



## fwyKKCkQze2z (Mar 29, 2019)

Thanks, tommiie



tommiie said:


> System accounts are normal user accounts but more limited, e.g. no shell and no home directory. Their user ID is usually under 1000 but that is not a requirement. In fact, system accounts are just plain user accounts but called that way because a service which starts as the root user drops its privileges to this account with limited privileges (hence the no shell or home directory).
> 
> As an example, Apache/nginx use the system account 'httpd' (or similar) to which they drop their privileges after the initial setup. This user should not own any files (not even the website files), nor have a shell, nor have a home directory, etc.



Unfortunately, this is basically what I do know. What I do not know is how to create/set up such an account... Would I use `adduser` but not set a home and shell and lock the account (and maybe a UID below 1000 (or whatever FreeBSD's equivalent of /etc/login.defs says))?


----------



## SirDice (Mar 29, 2019)

You can use adduser(8) but pw(8) is generally easier for this.


----------



## k.jacker (Mar 29, 2019)

pw(8) is quite a read, so for convenience I'd like to provide you with a little example.

`pw useradd foo -u 990 -c "Captain Foo,Testlab" -s /usr/sbin/nologin -G group1,group2,group3`

By default, pw will not create a home directory and the shell will be set to /bin/sh if you omit the -s option.
Groups can be provided separated by comma, or separated by spaces when quoted (which is handy when the groups are output from a script).

For a quick look at pw useradd's options, `pw useradd help` is easier than the manpage.

To remove a user: rmuser(8)

Hope that gets you started
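
A check to go with the accounts discussed in this thread, added here as an example and not part of any poster's reply: it reads passwd(5)-format lines and reports non-root accounts below UID 1000 that have a login shell or a home directory. The sample lines, the function names, and treating /nonexistent as "no home directory" are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread): audit passwd(5)-format lines for
# service accounts that have a login shell or a home directory.

# Constructed sample data. "foo" mirrors the thread's pw example as it would
# look with -s omitted (shell /bin/sh); "svc" is a hypothetical account.
sample_passwd() {
    cat <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
foo:*:990:990:Captain Foo,Testlab:/nonexistent:/bin/sh
svc:*:991:991:Constructed service:/home/svc:/usr/sbin/nologin
alice:*:1001:1001:Alice:/home/alice:/bin/sh
EOF
}

# audit_system_accounts [MAX_UID] < passwd-format input
# Prints "<name>: <finding>" per problem; exit status 1 if anything was found.
# Assumption: /nonexistent is the placeholder meaning "no home directory".
audit_system_accounts() {
    awk -F: -v max="${1:-1000}" '
        /^#/ || NF < 7 { next }                    # comments, malformed lines
        $3 + 0 == 0 || $3 + 0 >= max + 0 { next }  # UID 0 and regular users
        $7 !~ /\/nologin$/ { printf "%s: login shell %s\n", $1, $7; bad = 1 }
        $6 != "/nonexistent" { printf "%s: home directory %s\n", $1, $6; bad = 1 }
        END { exit bad + 0 }
    '
}

# Demo on the constructed sample; on a live system: audit_system_accounts < /etc/passwd
sample_passwd | audit_system_accounts || true
```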


----------



## fwyKKCkQze2z (Mar 29, 2019)

Wow, thanks everyone. That was quick and is very much appreciated. This all will get me going.


----------

