Skip to main content

Setting up a new user in Ubuntu from scratch

Adding new users to Ubuntu is easy because of the convenience tools that exist.

Start with the command

sudo useradd -d /home/testuser -m testuser

This creates the user and sets up a default home directory.  The user doesn't have a password, but you could add one with passwd if you wanted to.

Then create a directory .ssh in their home directory.  Create a file called authorized_keys in the directory and copy in contents of the users public key into it.

Chown the .ssh directory (and file) to the user and chmod the file to 600.  The directory should be mode 700.

Make sure that /etc/sshd_config is set up to deny logging in by password.

If you want to set up their bash profile you can copy the ".profile" and ".bashrc" files to their home directory.  Remember to edit /etc/passwd and set their shell to bash.

The user should be able to login using their public key by setting up their .ssh/config on their home machine.
Host foo
HostName server.ip.address
User testuser
IdentityFile ~/.ssh/id_rsa
If you want to set them up with your custom bash stuff then remember to copy the files into their home directory and chown them.  You will need to change their shell to bash by editing /etc/passwd

If you want them to have administrative privilege on the machine you need to add them to the "sudo" group with this command :   usermod -aG sudo username.  Because you've disabled password access to the machine you'll need to add a new config file in /etc/sudoers.d that allows them to sudo without a password.  It will need to have a line like this: testuser ALL=(ALL) NOPASSWD:ALL

 If you're feeling lazy you might want to use a script.  I've created one and shared it below, but I strongly suggest that you rather write your own and don't use mine for anything other than an idea.  I'm not guaranteeing that it works or even that it's particularly useful.
Labels:

Comments

Post a Comment

Popular posts from this blog

Solving Doctrine - A new entity was found through the relationship

There are so many different problems that people have with the Doctrine error message: exception 'Doctrine\ORM\ORMInvalidArgumentException' with message 'A new entity was found through the relationship 'App\Lib\Domain\Datalayer\UnicodeLookups#lookupStatus' that was not configured to cascade persist operations for entity: Searching through the various online sources was a bit of a nightmare.  The best documentation I found was at  http://www.krueckeberg.org/  where there were a number of clearly explained examples of various associations. More useful information about association ownership was in the Doctrine manual , but I found a more succinct explanation in the answer to this question on StackOverflow . Now I understood better about associations and ownership and was able to identify exactly what sort I was using and the syntax that was required. I was implementing a uni-directional many to one relationship, which is supposedly one of the most simpl...
Post a Comment
Read more

Grokking PHP monolog context into Elastic

An indexed and searchable centralized log is one of those tools that once you've had it you'll wonder how you managed without it.    I've experienced a couple of advantages to using a central log - debugging, monitoring performance, and catching unknown problems. Debugging Debugging becomes easier because instead of poking around grepping text logs on servers you're able to use a GUI to contrast and compare values between different time ranges. A ticket will often include sparse information about the problem and observed error, but if you know more or less when a problem occurred then you can check the logs of all your systems at that time. Problem behaviour in your application can occur as a result of the services you depend on.  A database fault will produce errors in your application, for example. If you log your database errors and your application errors in the same central platform then it's much more convenient to compare behaviour between...
Post a Comment
Read more

Translating a bit of the idea behind domain driven design into code architecture

I've often participated in arguments discussions about whether thin models or thin controllers should be preferred.  The wisdom of a thin controller is that if you need to test your controller in isolation then you need to stub the dependencies of your request and response. It also violates the single responsibility principal because the controller could have multiple reasons to change.   Seemingly, the alternative is to settle on having fat models. This results in having domain logic right next to your persistence logic. If you ever want to change your persistence layer you're going to be in for a painful time. That's a bit of a cargo cult argument because honestly who does that, but it's also a violation of the single responsibility principal.   One way to decouple your domain logic from both persistence and controller is to use the "repository pattern".   Here we encapsulate domain logic into a data service. This layer deals exclusively with imple...
Post a Comment
Read more