How do I create a new sudo-enabled user on my linux system?
Introduction
It is best practice, and under some circumstances - like those who deploy using the Guild operators scripts - to operate your node as a user that is not "root", but rather as a different but sudo-enabled user. This is a form of security that makes it more difficult for a hacker to try and break into the server system. Moreover, depending on where you host your server node you may find that your VPS provider only allows root access via a proprietary console which you access via the browser through their own portal using two-factor authentification, and so on.
The sudo
command provides system administrators with a way to grant administrator privileges — ordinarily only available to the root user — to normal users.
In this tutorial, you’ll learn how to create a new user with sudo
access on Ubuntu 20.04 without having to modify your server’s /etc/sudoers
file.
Step 1 - Log in to Your Server
SSH into your server as the root user:
Or log in without an ssh client via the browser console provided by your VPS if you cannot access this publicly. Please check your VPS provider's FAQ or help section on how to log in as the root user their way.
ssh root@your_server_ip_address
Step 2 - Add the New User
Use the adduser
command to add a new user to your system:
adduser johnny
Be sure to replace johnny
with the username that you want to create.
It is even better practice to use a username that is hard to guess too. Like eden_lost_bc_22930
, for example.
The underscore character is allowed as part of the username rules - along with digits. More info on this.
You will be prompted to create and verify a password for the user:
OUTPUT:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Subsequent to this you will be prompted to fill in some information about the new user.
It is fine to accept the defaults and leave this information blank:
OUTPUT:
Changing the user information for johnny
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n]
Step 3 - Adding your New User to the sudo Group
Use the usermod
command to add the newly created user to the sudo group:
usermod -aG sudo johnny
Step 4 - Test sudo
Access for Your Newly Created User
To test that the new sudo
permissions are working, first use the su
command to switch to the new user account:
su - johnny
You will then be switched over as the current user in the session on your terminal with a prepend to the command line looking something like this: johnny@server_name:~s
As the new user, verify that you can use sudo
by prepending sudo
to the command that you want to run with superuser privileges. For example:
sudo ls -la /root
The system may ask you for your password to execute sudo commands:
OUTPUT:
[sudo] password for johnny:
Note: This is not asking for the root password! Enter the password of the sudo-enabled user you just created.
For Cardano Node Operators, those that installed the cardano node as root, you might find the output from the sudo command above (sudo ls -la /root
) looking something like this:
OUTPUT:
johnny@some_server:~$ sudo ls -la /root
[sudo] password for johnny:
total 116
drwx------ 12 root root 4096 Sep 8 16:30 .
drwxr-xr-x 18 root root 4096 Jul 29 2020 ..
-rw------- 1 root root 16252 Dec 8 18:55 .bash_history
-rw-r--r-- 1 root root 3492 Jul 30 2020 .bashrc
drwxr-xr-x 6 root root 4096 Jul 30 2020 .cabal
drwx------ 2 root root 4096 Jul 29 2020 .cache
drwx------ 4 root root 4096 Aug 9 01:15 .config
drwxr-xr-x 2 root root 4096 Jul 31 2020 downloads
drwxr-xr-x 6 root root 4096 Jul 30 2020 .ghcup
drwxr-xr-x 3 root root 4096 Sep 8 14:22 git
-rw-r--r-- 1 root root 35791 Sep 8 16:23 gLiveView.sh
drwx------ 3 root root 4096 Jul 29 2020 .gnupg
drwxr-xr-x 3 root root 4096 Jul 30 2020 .local
-rw-r--r-- 1 root root 161 Dec 5 2019 .profile
-rw-r--r-- 1 root root 66 Aug 4 20:21 .selected_editor
drwxr-xr-x 2 root root 4096 Jul 30 2020 .ssh
drwxr-xr-x 2 root root 4096 Jul 30 2020 tmp
-rw-r--r-- 1 root root 180 Sep 26 23:18 .wget-hsts
If you did install the Cardano node as user root we recommend you transfer all the permissions on this node over to your new user so as to avoid the security implications of continuing as the root user when operating on your server.
Links used in this answer:
- Guild Operators: https://cardano-community.github.io/guild-operators/#/basics
- What should be valid characters in usernames?: https://stackoverflow.com/questions/2053335/what-should-be-the-valid-characters-in-usernames
This answer was published on 30 January 2021
Shortcut link to this page:
https://cutt.ly/zkrNgly
No Comments