How do I create a new sudo-enabled user on my linux system?
It is best practice, and under some circumstances - like those who deploy using the Guild operators scripts - to operate your node as a user that is not "root", but rather as a different but sudo-enabled user. This is a form of security that makes it more difficult for a hacker to try and break into the server system. Moreover, depending on where you host your server node you may find that your VPS provider only allows root access via a proprietary console which you access via the browser through their own portal using two-factor authentification, and so on.
sudo command provides system administrators with a way to grant administrator privileges — ordinarily only available to the root user — to normal users.
In this tutorial, you’ll learn how to create a new user with
sudo access on Ubuntu 20.04 without having to modify your server’s
Step 1 - Log in to Your Server
SSH into your server as the root user:
Or log in without an ssh client via the browser console provided by your VPS if you cannot access this publicly. Please check your VPS provider's FAQ or help section on how to log in as the root user their way.
Step 2 - Add the New User
adduser command to add a new user to your system:
Be sure to replace
johnny with the username that you want to create.
It is even better practice to use a username that is hard to guess too. Like
eden_lost_bc_22930, for example.
The underscore character is allowed as part of the username rules - along with digits. More info on this.
You will be prompted to create and verify a password for the user:
OUTPUT: Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
Subsequent to this you will be prompted to fill in some information about the new user.
It is fine to accept the defaults and leave this information blank:
OUTPUT: Changing the user information for johnny Enter the new value, or press ENTER for the default Full Name : Room Number : Work Phone : Home Phone : Other : Is the information correct? [Y/n]
Step 3 - Adding your New User to the sudo Group
usermod command to add the newly created user to the sudo group:
usermod -aG sudo johnny
Step 4 - Test
sudo Access for Your Newly Created User
To test that the new
sudo permissions are working, first use the
su command to switch to the new user account:
su - johnny
You will then be switched over as the current user in the session on your terminal with a prepend to the command line looking something like this:
As the new user, verify that you can use
sudo by prepending
sudo to the command that you want to run with superuser privileges. For example:
sudo ls -la /root
The system may ask you for your password to execute sudo commands:
OUTPUT: [sudo] password for johnny:
Note: This is not asking for the root password! Enter the password of the sudo-enabled user you just created.
For Cardano Node Operators, those that installed the cardano node as root, you might find the output from the sudo command above (
sudo ls -la /root) looking something like this:
OUTPUT: johnny@some_server:~$ sudo ls -la /root [sudo] password for johnny: total 116 drwx------ 12 root root 4096 Sep 8 16:30 . drwxr-xr-x 18 root root 4096 Jul 29 2020 .. -rw------- 1 root root 16252 Dec 8 18:55 .bash_history -rw-r--r-- 1 root root 3492 Jul 30 2020 .bashrc drwxr-xr-x 6 root root 4096 Jul 30 2020 .cabal drwx------ 2 root root 4096 Jul 29 2020 .cache drwx------ 4 root root 4096 Aug 9 01:15 .config drwxr-xr-x 2 root root 4096 Jul 31 2020 downloads drwxr-xr-x 6 root root 4096 Jul 30 2020 .ghcup drwxr-xr-x 3 root root 4096 Sep 8 14:22 git -rw-r--r-- 1 root root 35791 Sep 8 16:23 gLiveView.sh drwx------ 3 root root 4096 Jul 29 2020 .gnupg drwxr-xr-x 3 root root 4096 Jul 30 2020 .local -rw-r--r-- 1 root root 161 Dec 5 2019 .profile -rw-r--r-- 1 root root 66 Aug 4 20:21 .selected_editor drwxr-xr-x 2 root root 4096 Jul 30 2020 .ssh drwxr-xr-x 2 root root 4096 Jul 30 2020 tmp -rw-r--r-- 1 root root 180 Sep 26 23:18 .wget-hsts
If you did install the Cardano node as user root we recommend you transfer all the permissions on this node over to your new user so as to avoid the security implications of continuing as the root user when operating on your server.
Links used in this answer:
- Guild Operators: https://cardano-community.github.io/guild-operators/#/basics
- What should be valid characters in usernames?: https://stackoverflow.com/questions/2053335/what-should-be-the-valid-characters-in-usernames
This answer was published on 30 January 2021
Shortcut link to this page: