How do I create a new sudo-enabled user on my linux system?

Introduction

It is best practice, and under some circumstances - like those who deploy using the Guild operators scripts - to operate your node as a user that is not "root", but rather as a different but sudo-enabled user. This is a form of security that makes it more difficult for a hacker to try and break into the server system. Moreover, depending on where you host your server node you may find that your VPS provider only allows root access via a proprietary console which you access via the browser through their own portal using two-factor authentification, and so on.

The sudo command provides system administrators with a way to grant administrator privileges — ordinarily only available to the root user — to normal users.

In this tutorial, you’ll learn how to create a new user with sudo access on Ubuntu 20.04 without having to modify your server’s /etc/sudoers file.

Step 1 - Log in to Your Server

SSH into your server as the root user:

Or log in without an ssh client via the browser console provided by your VPS if you cannot access this publicly. Please check your VPS provider's FAQ or help section on how to log in as the root user their way.

ssh root@your_server_ip_address

Step 2 - Add the New User

Use the adduser command to add a new user to your system:

adduser johnny

Be sure to replace johnny with the username that you want to create.
It is even better practice to use a username that is hard to guess too. Like eden_lost_bc_22930, for example.

The underscore character is allowed as part of the username rules - along with digits. More info on this.

You will be prompted to create and verify a password for the user:

OUTPUT:

Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

Subsequent to this you will be prompted to fill in some information about the new user.
It is fine to accept the defaults and leave this information blank:

OUTPUT:

Changing the user information for johnny
Enter the new value, or press ENTER for the default
    Full Name []:
    Room Number []:
    Work Phone []:
    Home Phone []:
    Other []:
Is the information correct? [Y/n]

Step 3 - Adding your New User to the sudo Group

Use the usermod command to add the newly created user to the sudo group:

usermod -aG sudo johnny

Step 4 - Test sudo Access for Your Newly Created User

To test that the new sudo permissions are working, first use the su command to switch to the new user account:

su - johnny

You will then be switched over as the current user in the session on your terminal with a prepend to the command line looking something like this: johnny@server_name:~s

As the new user, verify that you can use sudo by prepending sudo to the command that you want to run with superuser privileges. For example:

sudo ls -la /root

The system may ask you for your password to execute sudo commands:

OUTPUT:

[sudo] password for johnny:

Note: This is not asking for the root password! Enter the password of the sudo-enabled user you just created.

For Cardano Node Operators, those that installed the cardano node as root, you might find the output from the sudo command above (sudo ls -la /root) looking something like this:

OUTPUT:

johnny@some_server:~$ sudo ls -la /root
[sudo] password for johnny:
total 116
drwx------ 12 root root  4096 Sep  8 16:30 .
drwxr-xr-x 18 root root  4096 Jul 29  2020 ..
-rw-------  1 root root 16252 Dec  8 18:55 .bash_history
-rw-r--r--  1 root root  3492 Jul 30  2020 .bashrc
drwxr-xr-x  6 root root  4096 Jul 30  2020 .cabal
drwx------  2 root root  4096 Jul 29  2020 .cache
drwx------  4 root root  4096 Aug  9 01:15 .config
drwxr-xr-x  2 root root  4096 Jul 31  2020 downloads
drwxr-xr-x  6 root root  4096 Jul 30  2020 .ghcup
drwxr-xr-x  3 root root  4096 Sep  8 14:22 git
-rw-r--r--  1 root root 35791 Sep  8 16:23 gLiveView.sh
drwx------  3 root root  4096 Jul 29  2020 .gnupg
drwxr-xr-x  3 root root  4096 Jul 30  2020 .local
-rw-r--r--  1 root root   161 Dec  5  2019 .profile
-rw-r--r--  1 root root    66 Aug  4 20:21 .selected_editor
drwxr-xr-x  2 root root  4096 Jul 30  2020 .ssh
drwxr-xr-x  2 root root  4096 Jul 30  2020 tmp
-rw-r--r--  1 root root   180 Sep 26 23:18 .wget-hsts

If you did install the Cardano node as user root we recommend you transfer all the permissions on this node over to your new user so as to avoid the security implications of continuing as the root user when operating on your server.

 



This answer was published on 30 January 2021


https://cutt.ly/zkrNgly

 


Revision #5
Created Sat, Jan 30, 2021 9:17 AM by Clive Hyman
Updated Sat, Jan 30, 2021 11:37 AM by Clive Hyman