Mostly Unixish
Don't give a shell to system users - use su
I seem very ancientwisdom-oriented these days. Sometimes you've got a system user on your linux server that's used to run a specific service; it's a good practice to employ those users to achieve privilege separation, since it limits the impact of many security breaches.