Google Cloud Platform – What is the best practice for managing application-specific users in GCP?


Is there a “best practice” for managing application-specific users for VMs in Google Cloud Platform? For example, in the old server world, you might have a “syslog” user for the syslog daemon, or an “nginx” user for nginx. In that world I would have created a “myapp” user for my application and then run the service under that user.

In the GCP world where we create VMs from stock images, the “myapp” user won’t exist. Of course, I could create one and make a custom image, but I’m curious if there’s a better (canonical GCP) way to do this.

This service does not need access to any Cloud APIs so service accounts don’t immediately make sense to me. Plus, I’m not sure I could specify a service account as the user in my systemd unit file.