New Users

Creating/Modifying Users

We've logged into the new server. We can now set up this server to run as a web application server.

Some Basics

I'm going to use the following tools often, so let's just install some utilities now:

sudo apt-get install -y tmux vim curl wget unzip htop

Next, we'll create some users so we can stop logging in as the root user.

Login

By default, we only get the root user to log in. As we saw in the last video, that looked like this:

ssh -o "IdentitiesOnly yes" -i ~/.ssh/id_series root@45.55.209.211

New User

If we don't want to keep working as user root (or as any password-less sudo user, e.g. what AWS provides), we can add:

  1. A new admin user, who will be able to run sudo commands (with a password)
  2. A new application user, who will be used to run our application but won't have sudo privileges (yet)

Let's add two new users:

sudo adduser admin
sudo adduser serial

Then we can check them out by looking in the /etc/passwd file:

cat /etc/passwd | grep admin
cat /etc/passwd | grep serial

Our new user admin in the video has a uid/gid of 1001 (anything over 1000 is a non-system user). The user's home directory exists (/home/admin) and the user's shell (the shell used when they log in) is defined as /bin/bash:

admin:x:1001:1001:,,,:/home/admin:/bin/bash

Sudo Privileges

We want the admin user to be able to run sudo commands. Let's add that user into the sudo group:

usermod -a -G sudo admin

# Confirm user is in sudo group
groups admin
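
A quick audit of the result, as an added example that is not part of the original tutorial: it reads passwd- and group-format files and lists every account that can log in interactively, along with whether it belongs to the sudo group. The function names audit_accounts and write_sample are hypothetical, the sample file contents (including serial's uid of 1002) are constructed, and the UID 1000 cutoff and the sudo group name assume Debian/Ubuntu defaults.

```shell
#!/bin/sh
# Added example, not from the original page. Lists accounts that can log in
# interactively and whether each one is in the "sudo" group (Debian/Ubuntu).

audit_accounts() {   # $1 = passwd-format file, $2 = group-format file
    awk -F: '
        # First file (group): record the sudo group GID and its members.
        NR == FNR {
            if ($1 == "sudo") {
                sudo_gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) member[m[i]] = 1
            }
            next
        }
        # Second file (passwd): name:x:uid:gid:gecos:home:shell
        NF == 7 {
            uid = $3 + 0
            can_login = ($7 !~ /(nologin|false)$/)
            human = (uid >= 1000 && uid != 65534)   # 65534 is "nobody"
            in_sudo = (($1 in member) || (sudo_gid != "" && $4 == sudo_gid))
            if (can_login && (uid == 0 || human))
                printf "%s uid=%d shell=%s sudo_group=%s\n", $1, uid, $7, (in_sudo ? "yes" : "no")
        }
    ' "$2" "$1"
}

# Constructed sample data modelled on the state after the steps above.
write_sample() {   # $1 = directory to write passwd and group into
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
admin:x:1001:1001:,,,:/home/admin:/bin/bash
serial:x:1002:1002:,,,:/home/serial:/bin/bash
EOF
    cat > "$1/group" <<'EOF'
root:x:0:
sudo:x:27:admin
admin:x:1001:
serial:x:1002:
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp"
audit_accounts "$tmp/passwd" "$tmp/group"
rm -rf "$tmp"
```

On the server itself, run audit_accounts /etc/passwd /etc/group; only admin should show sudo_group=yes.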

Local SSH Key to new users

Now we want to be able to log in as these users using the same SSH key we created before.

Like in the last video, let's copy the public key we made to both new users' authorized_keys files using ssh-copy-id. Note that we created id_series in the previous video:

ssh-copy-id -i ~/.ssh/id_series -o "PubkeyAuthentication no" \
    admin@45.55.209.211

ssh-copy-id -i ~/.ssh/id_series -o "PubkeyAuthentication no" \
    serial@45.55.209.211

Then SSH in from your local machine to test that it works, using the same commands as before but changing the user (admin and serial).

Do this carefully, so as not to get locked out! Keep a connection open in another tab in your terminal just in case something goes wrong.