Versions Compared

Old Version 2

changes.mady.by.user Prateek Kapoor

Saved on

compared with

New Version 3

changes.mady.by.user Prateek Kapoor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Problem:

Note

Before my server is created, I know which users from my space I want added and want the server to automatically add these users once it is createdusers to my server instance.

Solution:

Tip

After choosing the size of a Linux or Windows server, there is an option to add more users under the ‘Summary’ section before you create the server.

...

You can either add users before you create the server through Spinup, or after you create the server by manually logging into the server instance itself.

Before you create the server

Expand
titleUsing Spinup
Info

The users you want to add to the server must be added to the space before you can choose them. Spinup will automatically add chosen users to the server as soon as it has been created.

  1. Choose a Linux or Windows server from the ‘Create New Resource’ page.

...

Image Added

    ...

    1. After choosing the server size, you can see the number of users (including yourself) that will added to the server upon creation. If you wan’t to add more users, click + Add More.

    ...

    Image Added

      ...

      1. You can use the dropdown to add more users from the current space along with their roles . For Linux servers, the SSH Key saved in the users profile will be auto-filled.

      You cannot remove yourself from being added to the server, and you must initially have admin access.

      ...

      Image AddedImage Added

      ...

      1. Once you are done adding the users you want, click Save and the user count will be updated. Users will be automatically added to the server with correct permissions once it is created.

      Image Added

      After the server has already been created

      Expand
      titleLinux

      Using spinup-user CLI

      The spinup-user command-line utility should be pre-installed on all Spinup Linux servers and can be used to easily add and remove users.

      For example, on one of my servers I need to add user jsi3. I just need their public SSH key (which is not sensitive and can be safely shared) and I can then create the user like so:

      Code Block
      [tg333@ip-10-5-32-247 ~]$ sudo spinup-user add jsi3
Paste one or more SSH public keys for this user (hit Enter when done):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDhU7Ucb/4AdGjtTrDZfGexJyLFxngErqWyv9Ryix8scdEOJxC/qWJiBOxasQp5fjF+ZDf5OIXgBrtd7xvJT+Lr+p65hE7EX0KL+JAWPibr0E1b0Gw9mTwAIutPA9u5tt6btmWbPUJXWifft8wgq6aIoqsg/sAzmiEHEJiL17fp7LXwjwDsxzYfskLX58uVIVqyMW5da81CNcqAPavlrGq1p1hd/+8i/2m8ql0VHnAOMdqQz5tmGY6N7F/AbtSLDaki7XTS6vQZUc5wr3ZHIe6wuQhk82/VVWoNjlxOjhwBItE0Tb7bCDkMgZ0RMymmpl/T5ioyyZmYQjmP3Xmdhdsb

Added user jsi3

      You can use the list command to see all users on the server and get more information about them:

      Code Block
      [tg333@ip-10-5-32-247 ~]$ sudo spinup-user list
jsi3
tg333 (admin)

[tg333@ip-10-5-32-247 ~]$ sudo spinup-user list jsi3
Username: jsi3
Admin: false
Shell: /bin/bash
Homedir: /home/jsi3
UID: 1002
GID: 1002

Authorized keys:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDhU7Ucb/4AdGjtTrDZfGexJyLFxngErqWyv9Ryix8scdEOJxC/qWJiBOxasQp5fjF+ZDf5OIXgBrtd7xvJT+Lr+p65hE7EX0KL+JAWPibr0E1b0Gw9mTwAIutPA9u5tt6btmWbPUJXWifft8wgq6aIoqsg/sAzmiEHEJiL17fp7LXwjwDsxzYfskLX58uVIVqyMW5da81CNcqAPavlrGq1p1hd/+8i/2m8ql0VHnAOMdqQz5tmGY6N7F/AbtSLDaki7XTS6vQZUc5wr3ZHIe6wuQhk82/VVWoNjlxOjhwBItE0Tb7bCDkMgZ0RMymmpl/T5ioyyZmYQjmP3Xmdhdsb

      Note that by default the new user does not have admin (sudo) privileges. To make an admin user you can use the -a flag. Be careful who you make an admin as they will have unlimited root access on the server!

      Code Block
      [tg333@ip-10-5-32-247 ~]$ sudo spinup-user add jsi3 -a

      To delete a user and their home directory:

      Code Block
      [tg333@ip-10-5-32-247 ~]$ sudo spinup-user remove jsi3
Removed user jsi3

      This is just a brief overview of how to use the CLI. For more information and examples you can see the Github repo https://github.com/YaleSpinup/spinup-user

      Manual step-by-step guide

      If for some reason you cannot use the spinup-user CLI you can manually create a Linux user.

      Code Block
      $ sudo -s
$ NEWUSER=<netid of person you would like to add>  #Variable that is used in future commands
$ adduser $NEWUSER
$ gpasswd -a $NEWUSER wheel  #If you would like to give them root access
$ mkdir -m 700 /home/$NEWUSER/.ssh
$ echo "User's PUBLIC key" > /home/$NEWUSER/.ssh/authorized_keys
$ chmod 600 /home/$NEWUSER/.ssh/authorized_keys
$ chown -R $NEWUSER:$NEWUSER /home/$NEWUSER/.ssh
$ restorecon -FRvv /home/$NEWUSER/.ssh  #Required if Selinux is running on the server
      Code Block
      $ sudo -s
$ NEWUSER=<netid of person you would like to add>  #Variable that is used in future commands
$ adduser $NEWUSER
$ usermod -aG sudo $NEWUSER  #If you would like to give them root access
$ mkdir -m 700 /home/$NEWUSER/.ssh
$ echo "User's PUBLIC key" > /home/$NEWUSER/.ssh/authorized_keys
$ chmod 600 /home/$NEWUSER/.ssh/authorized_keys
$ chown -R $NEWUSER:$NEWUSER /home/$NEWUSER/.ssh
$ restorecon -FRvv /home/$NEWUSER/.

      ...

      ssh  #Required if Selinux is running on the server

      Best Practices

      • Utilize SSH keys instead of passwords for authentication

      • Create new user accounts instead of utilizing the root account

      • Do not elevate to root unless it is truly needed

      Expand
      titleWindows

      1. Once logged into the computer, right-click on the Start button and select System.

      Image Added

      1. On System settings screen, select "Remote settings" on the left-hand side. In Windows 2019, you will instead select "Remote Desktop" on the left side.

      Image AddedImage Added

      1. Click the Select Users button on the resulting dialog. On Windows 2019, you will instead scroll to the bottom of the screen and click "Select users that can remotely access this PC".

      Image AddedImage Added

      1. Click Add button on Remote Desktop Users dialog box.

      Image Added

      1. Type the NetID of the user you want to add and click "Check Names". Their netID should expand to show their full account name/e-mail address. Now you can click OK and exit out of the previous dialog boxes.

      Image Added

      1. New user should now be able to log in!

      2. Note: Users of servers in Secured spaces may get the error "Logon failure: the user has not been granted the requested logon type at this computer". If that occurs, you will need to follow the additional steps below. If you do not have a CIS-hardened server as part of a moderate- or high-risk space, the steps below should not be needed. 

      3. Search for and go to "Local Security Policy" under the Windows Start Menu

      Image Added

      1. Expand Local Policies in the left-hand pane, then click on the User Rights Assignment folder. Lastly, double-click on "Allow log on locally" in the right-hand pane.

      Image Added

      1. Type "Remote Desktop Users", then click Check Names. The Group name of "Remote Desktop Users" should become underlined. Click OK, OK, and exit the Local Security Settings manager.

      Image Added

      1. User should now be able to login.