Domoticz User and SSH

Hi. Like many domoticz users, I have lots of connected devices I want to control, some of them being computers. The domoticz install on DietPi uses a user domoticz that is auto-created by the install - I have no idea or can’t remember if it asks for a password for that user, BUT, please remember that all scripts called from the application will run in that user’s context. I found this out trying to SSH with key access to an RPi Zero and it took a while to sort it out. I was loath to change the domoticz user so I used a different method.

As we do for many other apps, and for security reasons, we create individual users per app. This means most apps have their own user. We also create them without a password or login possibility.

It is created as a so-called “system user”. There are a lot of such system users, all not intended for login but to grant/limit permissions for certain system tasks. Check:

getent passwd

All those with an ID (3rd column) below 1000 are system users. If you create a regular/login user, the ID will always be 1000 (in our case used by dietpi) or higher.

System users are not shown on (desktop) login prompts and similar, but that alone doesn’t rule out that someone can log in with them. They additionally have no password set, or one with a leading exclamation mark (lock). They often (but not always) have a nonexistent home directory (second-last column), which is a login blocker as well (the home dir must exist for logins), and they use “nologin” or “false” as login shell (last column), which aborts successful logins as well, since those are not shells but just throw users out of the session.
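
The checks listed in the post above can be scripted per account. The following is an added example, not part of the original thread or of DietPi; the function names `login_blockers` and `sample_report` are hypothetical, and the sample accounts, UIDs and hash placeholders are constructed.

```shell
#!/bin/sh
# Added example: report, per account, the login blockers the post lists.
# Usage: login_blockers PASSWD_FILE [SHADOW_FILE]  (passwd/shadow format,
# e.g. saved from `getent passwd` and, as root, `getent shadow`)
login_blockers() {
    passwd_file=$1
    shadow_file=${2:-}
    while IFS=: read -r name _pw uid _gid _gecos home shell; do
        case "$uid" in ''|*[!0-9]*) continue ;; esac   # skip malformed lines
        # 3rd column: below 1000 is a system user, 1000 and up a regular one
        if [ "$uid" -lt 1000 ]; then kind=system; else kind=regular; fi
        blockers=""
        # Last column: nologin/false end the session instead of giving a shell
        case "${shell##*/}" in
            nologin|false) blockers="shell" ;;
        esac
        # Second-last column: home directory that does not exist
        [ -d "$home" ] || blockers="${blockers:+$blockers,}home"
        # Shadow password field starting with "!" (locked) or "*" (no valid hash)
        if [ -n "$shadow_file" ]; then
            pwfield=$(awk -F: -v u="$name" '$1 == u { print $2; exit }' "$shadow_file")
            case "$pwfield" in
                '!'*|'*'*) blockers="${blockers:+$blockers,}password" ;;
            esac
        fi
        printf '%s uid=%s %s blockers=%s\n' "$name" "$uid" "$kind" "${blockers:-none}"
    done < "$passwd_file"
}

# Constructed sample data (made-up accounts, placeholder hashes).
sample_report() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/:/bin/sh
domoticz:x:999:999::/nonexistent-home:/usr/sbin/nologin
svcshell:x:998:998::/:/bin/sh
dietpi:x:1000:1000::/:/bin/bash
EOF
    cat > "$dir/shadow" <<'EOF'
root:$y$PLACEHOLDER:19000:0:99999:7:::
domoticz:!:19000::::::
svcshell:*:19000::::::
dietpi:$y$PLACEHOLDER:19000:0:99999:7:::
EOF
    login_blockers "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}
sample_report
```

The constructed `svcshell` line shows why the UID column alone is not enough: it is a system user, but only the password blocker applies to it.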