Today I learned that a Systemd unit can spawn a temporary user for a
service. The user is not inserted in /etc/passwd etc. It's just created
for the lifespan of the service.
Quite cool if you want to run something simple, perhaps if you don't need IPC. The systemd.exec has it documented.