I'm setting up a backend service using nginx + gunicorn and I want to run the gunicorn part as a service automatically using systemd but I want to create a separate user and group for that so it's not running with root privilege.

Anyway when I run the command sudo adduser backend it didn't present me with any prompts, it just created the user with defaults. It also didn't ask me to specify a password. These are the defaults

I found that group 100 is the 'users' group. But I will change that and create a new group with the same name 'backend'.

My systemd service file looks similar to this

I noticed there is no password specified in all the examples I looked at for the systemd service file. What do I do about the password, do I give the new user a password, or create it without one? And how does the service work without entering a password?

I don't know enough to answer your question, but I think you may find this article helpful. It has a section specifically about permissions.

'adduser' is often a distro specific convenience frontend script for creating "normal" interactive users. For system users such as you are creating you really want to use the underlying groupadd and useradd commands.

In general "system" users like this typically don't have a password set but a common practice for "system accounts" is the set the password field to 'x' (which will never match a supplied password), So, assuming UID/GID 500 is free:

groupadd -g 500 backend
useradd -r -p x -u 500 -g backend -C "system account for gunicorn" backend

I wouldn't expect systemd to have a problem with a user setup this way, but I'm not much of a systemd guy.