Is it possible to create Unix users with no login?

I’m interested in running The Littlest JupyterHub on my program’s servers.

One issue is this:

When a new JupyterHub user logs in, a unix user is created for them. The unix user is always added to the jupyterhub-users group. If the user is an admin, they are added to the jupyterhub-admins group whenever they start / stop their notebook server.

(from this tljh docs page).

From looking at the source code, this user creation seems to happen in tljh/user.py with the code

    subprocess.check_call(["useradd", "--create-home", username])

    subprocess.check_call(["chmod", "o-rwx", expanduser(f"~{username}")])

    pm = get_plugin_manager()
    pm.hook.tljh_new_user_create(username=username)

I assume the first line runs the Unix command $ useradd --create-home <username>, which creates a user who has an OS-level login. Our server hosts place restrictions on what types of users we can create, and in particular we cannot create new users with OS logins; we can only create system users like www-data for Apache.

Is the login necessary for this process? Hypothetically, if we maintained our own fork of TLJH with the user creation command replaced with something like

$ adduser --system <username>,

which creates a user with a home folder but with login disabled, can anyone say immediately why this would fail, or is it worth taking the time for us to experiment?
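One way to check which accounts actually end up with an interactive shell after either command is to read the shell field of each passwd entry. This is an added example, not part of the original post or of TLJH's code; the sample passwd lines, the account names and the list of nologin shells are assumptions.

```python
"""Added example: report which passwd(5) accounts have an interactive login shell."""

# Shells that refuse interactive sessions (assumed list; adjust per distribution).
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false", "/usr/bin/false"}

# Constructed sample in /etc/passwd format; names, UIDs and homes are invented.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
hub-alice:x:1001:1001::/home/hub-alice:/bin/sh
hub-bob:x:998:65534::/home/hub-bob:/usr/sbin/nologin
hub-carol:x:1002:1002::/home/hub-carol:
broken-line-without-enough-fields
"""


def parse_passwd(text):
    """Return a list of dicts for each well-formed line (7 colon-separated fields)."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip malformed records instead of guessing
        name, _pw, uid, _gid, _gecos, home, shell = fields
        entries.append({"name": name, "uid": int(uid), "home": home, "shell": shell})
    return entries


def has_login_shell(entry):
    """True if the account's shell would give an interactive session."""
    shell = entry["shell"] or "/bin/sh"  # passwd(5): an empty field means /bin/sh
    return shell not in NOLOGIN_SHELLS


def audit(text):
    """Map account name -> whether it has a login shell."""
    return {e["name"]: has_login_shell(e) for e in parse_passwd(text)}


if __name__ == "__main__":
    for name, login in audit(SAMPLE_PASSWD).items():
        print(f"{name:10} {'login shell' if login else 'no login shell'}")
```

The shell field only governs programs that start the account's shell; password state lives separately in the shadow file and is not covered by this check.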

TLJH uses systemdspawner. I don’t know if a system user affects how it works. The best thing to do is to try it, and report back so others can benefit from your investigation!

Thanks, I didn’t know about ‘systemd-spawner’. Its README has this tidbit:

If running with c.SystemdSpawner.dynamic_users = True, no local user accounts are required. Systemd will automatically create dynamic users as required. See this blog post for details.

That and the linked blog post bode favorably for this. I won’t be able to experiment directly for several weeks, so any further input from anyone is welcome.