Skip to main content

Ubuntu: Converting a System Account to Interactive

Sometimes, you will come across software applications and platforms that will run under a system account.
This is fine and dandy out of the box.

But once you need to expand the functionality of the software application. you find that the system account has no defined bash shell, no password, and no profile.

For example: This is the case when adding features to a Jenkins build server.
The Jenkins service runs as a system account, named: jenkins.
And, it executes build pipeline scripts under that user context.
The problem is, there's no easy way to install user-specific software packages to the jenkins user, without being able to login or switch to it.

So, here are steps for how to modify a system account.

Locating User Home

First thing that needs to be done, is to locate the home path for the system account.

This is stored in /etc/passwd, as the second to last field of the user record.

Here's an example of what the home path looks like for a Jenkins user:

image.png

For normal users, this will be /home/<username>.

But for system accounts, it can be anything.
And as such, you need to pull it out of /etc/passwd, to know where to do later steps in this article.

Adding a Shell to a System User

A system user account has no defined shell.
This can be seen by finding the user record in: /etc/passwd, and locating the last field.

For a system account, it will be set to: /bin/false, or /usr/nologin.

You don't necessarily need to assign a shell to a system account to impersonate it in a shell.
It is possible to temporarily open a shell and impersonate the system account.
See this page for how to do that: Linux: Impersonating Users

This command will assign a permanent shell to the system account:

sudo usermod -s /bin/bash <username>

Once done, you can switch to the system account, with this:

sudo su jenkins

Adding a Profile to a System User

If you run across a software package that installs on a per-user basis, such as NVM or NPM, your system account may need a profile file to exist, or the software package installer might fail to complete, as it cannot find a suitable profile file for the system account.

To fix this, you need to copy in a skeleton profile file from /etc/skel, into the home folder of the system account.

To do this, locate the HOME path for the system user (see above), and copy the profile file into it, with this:

sudo cp /etc/skel/.bashrc /<homepath>/.bashrc

As an example, the following will copy the skeleton bash profile file into a Jenkins account's HOME folder, and assign the correct permissions:

sudo cp /etc/skel/.bashrc /var/lib/jenkins/.bashrc
sudo chmod 644 /var/lib/jenkins/.bashrc

No Comments
Back to top