What's the difference between `ghost` and `ghost-mgr` users

As I understand ghost-cli creates two users: ghost and ghost-mgr. I’m executing all commands related to ghost-cli using ghost-mgr user, what’s the purpose of the second ghost user?

The purpose of the ghost user is described in the docs here https://ghost.org/docs/api/v2/ghost-cli/knowledgebase/#permissions. ghost-cli itself doesn’t create or use a ghost-mgr user.

Did you install using the DigitalOcean 1-click install? That does use a ghost-mgr user as a general user account.

Thanks for the quick reply!

Yes, I did, here’s the message I get when I access a shell:

Please switch to the ghost-mgr user to manage Ghost via the CLI:
sudo -i -u ghost-mgr

I just checked the ghost process and here’s what I’ve got:

USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
ghost    23689  0.0  0.5 945680 42996 ?        Ssl  10:22   0:01 ghost run
ghost    23713  1.9  1.8 2137240 152488 ?      Sl   10:22   4:39 /usr/bin/node current/index.js

So it seems that ghost user is used to run the ghost server, which is according to the docs you linked:

The ghost user will be used to run your Ghost process in systemd .

I’m wondering why I need ghost-mgr then?

ghost-mgr is the non-root user account that the DO 1-click sets up for you, it could just as easily be called maxkoretskyi but when using the 1-click there’s no way for DO to know that ahead of time so it sets up a generic user name.

As mentioned in the linked doc, the ghost user does not have any system-wide permissions or have a shell so you wouldn’t be able to use that to log in or perform any system maintenance.

Thanks, that clears things up.

ghost-mgr is the non-root user account that the DO 1-click sets up for you, it could just as easily be called maxkoretskyi but when using the 1-click there’s no way for DO to know that ahead of time so it sets up a generic user name.

So am I right that if I created maxkoretskyi user I don’t really need ghost-mgr? The ghost-cli though gives me this warning when I run $ ghost restart as maxkoretskyi:

You can’t run commands as the ‘root’ user.
Switch to your regular user, or create a new user with regular account privileges and use this user to run ‘ghost restart’.
For more information, see https://docs.ghost.org/install/ubuntu/#create-a-new-user-.

I suppose it’s because maxkoretskyi belongs to the sudo group, correct?

As mentioned in the linked doc, the ghost user does not have any system-wide permissions or have a shell so you wouldn’t be able to use that to log in or perform any system maintenance.

So is ghost something like a system user?

$ useradd -r ghost

The -r flag will create a system user - one which does not have a password, a home dir and is unable to login.