(ve):Add user and group

  • This page was last modified on February 22, 2011, at 13:15.
The (mt) Community Wiki is a collaborative project. Any (mt) Media Temple customer or employee may contribute. Not all articles and/or content have been tested for accuracy by (mt) Media Temple.


You may want to add new users and groups to your server for a number of reasons. You can create:

  • An administrator login with significant server access.
  • A limited user for each domain, to aid in security.
  • An FTP or SSH user with access to a specific project.

Results

You will add a new user or group to your server. This will allow access to your server for the directories and files you specify.

Add group

  1. Log into your server with a root or sudo user via SSH.
  2. Run the following command (replacing mygroup with your desired name):
    groupadd mygroup
    
  3. That's it. If you want to do a little more complex manipulation with your users and groups, see this nixCraft article.

Add user

If you are planning to add a user to a group that does not exist, add the group first. Three types of users are presented below, but there are many other possibilities. For more on the useradd command, see Linux.About.com.

Administrator

An administrator can be created with default options. This will give him/her a private home directory to use for downloads and personal projects, and SSH access with the default shell. You will likely want to grant this user sudo access as well, so s/he can modify important files on the server.

  1. Log into your server with a root or sudo user via SSH.
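  2. Run this command to add the user with a home directory of /home/admin1/ (replace admin1 with your desired username):
    useradd -m admin1
    
    • -m creates the home directory if it does not already exist. All other settings use the system defaults. (useradd -D only displays or changes those defaults; it does not create a user.)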
  3. Open the sudoers file with this command:
    visudo
    
  4. Add the user to the file. This example grants full sudo privileges to the user admin1 anywhere on the server.
    sudoers
    admin1 ALL=(ALL) ALL
    

    vi tip: Press "i" to enter "insert mode" so you can type and copy/paste. Press "Esc" to exit "insert mode" when you are done modifying the file. Type ":wq" to save and quit.

    For a detailed explanation of sudo, see Linux Home Networking.

  5. Set a password for your new user (replace admin1 with your own new username):
    passwd admin1
    

    You will be prompted with the following:

    New UNIX password:
    Retype new UNIX password:
    

    Type in your new password twice. You will not see your cursor moving. You should get the following output:

    passwd: all authentication tokens updated successfully.
    
  6. All set! Do a test login with the new user to make sure it's as powerful or restricted as it should be.

Domain user

A domain user will help you secure your server. The main idea is that if that particular domain gets hacked through the web, it won't spread to the rest of your server. See (ve):Secure Apache configuration for more details.

  1. Log into your server with a root or sudo user via SSH.
  2. Run this command to add the user with a home directory of /var/www/example.com/ (replace web1 with your desired username and example.com with your own domain name):
    
    useradd -d /var/www/example.com/ -s /bin/false web1
    
    • -s /bin/false disables SSH access for this user.

    You should see output similar to the following:

    useradd: warning: the home directory already exists.
    Not copying any file from skel directory into it.
    
  3. Set a password for your new user (replace web1 with your own new username):
    passwd web1
    

    You will be prompted with the following:

    New UNIX password:
    Retype new UNIX password:
    

    Type in your new password twice. You will not see your cursor moving. You should get the following output:

    passwd: all authentication tokens updated successfully.
    
  4. All set! Do a test login with the new user to make sure it's as powerful or restricted as it should be.

FTP/SSH user

An FTP or SSH user is a great way to add an additional user for one of your domains. This command is detailed, so be sure to read the explanation of each part of the command under the example.

  1. Log into your server with a root or sudo user via SSH.
  2. The first step is to find the user ID (UID) of the existing primary user for that domain. In this example, the primary user is web1.
    grep "^web1:" /etc/passwd
    

    This will return a line like this:

    
    web1:x:10001:2524::/var/www/example.com:/bin/false
    

    The UID is the number after the x. We will be using this UID in the next step. In our example, the UID is 10001.

  3. Run the following command to create the new user. The new user in this example is called "ftp1":
    
    useradd -d /var/www/example.com/html/ -ou 10001 -g web1 -s /bin/bash ftp1
    

    You should see output similar to the following:

    useradd: warning: the home directory already exists.
    Not copying any file from skel directory into it.
    

    Notes on this command:

    • -d designates the home directory for the new user. It should be the directory to which you want to grant FTP access. It can be your main html directory or an existing subdirectory.
    • -ou combines -o, which allows the UID for the new user to NOT be unique, with -u, which specifies the UID. You should replace 10001 with the UID from your /etc/passwd file in Step 2.
    • -g specifies the group for the new user. Choose the same group as the group of the primary domain user.

    To disable SSH access:

    • -s sets the login shell, which determines the type of SSH access. Using /bin/false instead of /bin/bash disables SSH access.
  4. Set a password for your new user (replace ftp1 with your own new username):
    passwd ftp1
    

    You will be prompted with the following:

    New UNIX password:
    Retype new UNIX password:
    

    Type in your new password twice. You will not see your cursor moving. You should get the following output:

    passwd: all authentication tokens updated successfully.
    
  5. All set! Do a test login with the new user to make sure it's as powerful or restricted as it should be.