Created a user for running a daemon exposed to the net.
Useradd doesn't assign a password or shell to a newly created user.
How safe is this security wise?
Should I configure it with bin/false?
Also: upon executing su - username I get:
Cannot execute bin/bash: No such file or directory
Root uses bin/ash (busybox)
I'd say you respected current linux security requirements so you're fine
owrt using ash shell not bash by default. useradd is not part of either the base system. but something is weird: you have a new user created with /bin/bash as login shell but as it does not exist by default hence you received the error message when you tried to su; or something funny happens. it is better to explicitly state /bin/false as your login shell imho.