
Problem:

I want to add users to my server instance.

Solution:

You can either add users before you create the server through Spinup, or after you create the server by manually logging into the server instance itself.

Before you create the server

 Using Spinup

The users you want to add to the server must be added to the space before you can choose them. Spinup will automatically add chosen users to the server as soon as it has been created.

  1. Choose a Linux or Windows server from the ‘Create New Resource’ page.

  2. After choosing the server size, you can see the number of users (including yourself) that will be added to the server upon creation. If you want to add more users, click + Add More.

  3. You can use the dropdown to add more users from the current space along with their roles. For Linux servers, the SSH key saved in the user's profile will be auto-filled.

You cannot remove yourself from being added to the server, and you must initially have admin access.

  4. Once you are done adding the users you want, click Save and the user count will be updated. Users will be automatically added to the server with correct permissions once it is created.

After the server has already been created

 Linux

Using spinup-user CLI

The spinup-user command-line utility should be pre-installed on all Spinup Linux servers and can be used to easily add and remove users.

For example, on one of my servers I need to add user jsi3. I just need their public SSH key (which is not sensitive and can be safely shared) and I can then create the user like so:

[tg333@ip-10-5-32-247 ~]$ sudo spinup-user add jsi3
Paste one or more SSH public keys for this user (hit Enter when done):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDhU7Ucb/4AdGjtTrDZfGexJyLFxngErqWyv9Ryix8scdEOJxC/qWJiBOxasQp5fjF+ZDf5OIXgBrtd7xvJT+Lr+p65hE7EX0KL+JAWPibr0E1b0Gw9mTwAIutPA9u5tt6btmWbPUJXWifft8wgq6aIoqsg/sAzmiEHEJiL17fp7LXwjwDsxzYfskLX58uVIVqyMW5da81CNcqAPavlrGq1p1hd/+8i/2m8ql0VHnAOMdqQz5tmGY6N7F/AbtSLDaki7XTS6vQZUc5wr3ZHIe6wuQhk82/VVWoNjlxOjhwBItE0Tb7bCDkMgZ0RMymmpl/T5ioyyZmYQjmP3Xmdhdsb

Added user jsi3

You can use the list command to see all users on the server and get more information about them:

[tg333@ip-10-5-32-247 ~]$ sudo spinup-user list
jsi3
tg333 (admin)

[tg333@ip-10-5-32-247 ~]$ sudo spinup-user list jsi3
Username: jsi3
Admin: false
Shell: /bin/bash
Homedir: /home/jsi3
UID: 1002
GID: 1002

Authorized keys:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDhU7Ucb/4AdGjtTrDZfGexJyLFxngErqWyv9Ryix8scdEOJxC/qWJiBOxasQp5fjF+ZDf5OIXgBrtd7xvJT+Lr+p65hE7EX0KL+JAWPibr0E1b0Gw9mTwAIutPA9u5tt6btmWbPUJXWifft8wgq6aIoqsg/sAzmiEHEJiL17fp7LXwjwDsxzYfskLX58uVIVqyMW5da81CNcqAPavlrGq1p1hd/+8i/2m8ql0VHnAOMdqQz5tmGY6N7F/AbtSLDaki7XTS6vQZUc5wr3ZHIe6wuQhk82/VVWoNjlxOjhwBItE0Tb7bCDkMgZ0RMymmpl/T5ioyyZmYQjmP3Xmdhdsb

Note that by default the new user does not have admin (sudo) privileges. To make an admin user you can use the -a flag. Be careful who you make an admin as they will have unlimited root access on the server!

[tg333@ip-10-5-32-247 ~]$ sudo spinup-user add jsi3 -a

To delete a user and their home directory:

[tg333@ip-10-5-32-247 ~]$ sudo spinup-user remove jsi3
Removed user jsi3

This is just a brief overview of how to use the CLI. For more information and examples, see the GitHub repo: https://github.com/YaleSpinup/spinup-user

Manual step-by-step guide

If for some reason you cannot use the spinup-user CLI you can manually create a Linux user.

On distributions where the admin group is wheel (for example RHEL/CentOS):

$ sudo -s
$ NEWUSER=<netid of person you would like to add>  # Variable that is used in the commands below
$ adduser "$NEWUSER"
$ gpasswd -a "$NEWUSER" wheel  # Only if you would like to give them root access
$ mkdir -m 700 "/home/$NEWUSER/.ssh"
$ echo "User's PUBLIC key" > "/home/$NEWUSER/.ssh/authorized_keys"
$ chmod 600 "/home/$NEWUSER/.ssh/authorized_keys"
$ chown -R "$NEWUSER:$NEWUSER" "/home/$NEWUSER/.ssh"
$ restorecon -FRvv "/home/$NEWUSER/.ssh"  # Required if SELinux is running on the server

On distributions where the admin group is sudo (for example Debian/Ubuntu):

$ sudo -s
$ NEWUSER=<netid of person you would like to add>  # Variable that is used in the commands below
$ adduser "$NEWUSER"
$ usermod -aG sudo "$NEWUSER"  # Only if you would like to give them root access
$ mkdir -m 700 "/home/$NEWUSER/.ssh"
$ echo "User's PUBLIC key" > "/home/$NEWUSER/.ssh/authorized_keys"
$ chmod 600 "/home/$NEWUSER/.ssh/authorized_keys"
$ chown -R "$NEWUSER:$NEWUSER" "/home/$NEWUSER/.ssh"
$ restorecon -FRvv "/home/$NEWUSER/.ssh"  # Required if SELinux is running on the server
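
An added check for the result of the manual steps above (example code, not part of spinup-user or the original page): it confirms the 700/600 modes and the owner, and flags authorized_keys lines that are not public keys, such as the placeholder text left in by mistake or pasted private-key material. The names audit_ssh_dir and demo, the numeric-uid argument and the sample entries are assumptions made for this example; GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit what the manual steps produce.
# audit_ssh_dir <.ssh path> <expected numeric uid> prints one line per finding;
# exit status is 0 only when there are none. GNU stat (Linux) is assumed.
KEY_RE='(^|[[:space:]])(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com) AAAA[A-Za-z0-9+/]+=*([[:space:]]|$)'

audit_ssh_dir() {
    dir=$1; uid=$2; bad=0; keys="$dir/authorized_keys"
    # sshd (StrictModes) refuses keys when .ssh or the file is writable by
    # group/others or wrongly owned; check the stricter 700/600 set above.
    for pair in "$dir:700" "$keys:600"; do
        path=${pair%:*}; want=${pair##*:}
        [ -e "$path" ] || { echo "MISSING $path"; bad=1; continue; }
        mode=$(stat -c %a "$path"); owner=$(stat -c %u "$path")
        [ "$mode" = "$want" ] || { echo "MODE $path is $mode, want $want"; bad=1; }
        [ "$owner" = "$uid" ] || { echo "OWNER $path is uid $owner, want $uid"; bad=1; }
    done
    [ -f "$keys" ] || return 1
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) ;;                               # blank line or comment
            *'PRIVATE KEY'*) echo "PRIVATE-KEY line $n"; bad=1 ;;
            *) printf '%s\n' "$line" | grep -Eq "$KEY_RE" ||
                   { echo "NOT-A-PUBLIC-KEY line $n"; bad=1; } ;;
        esac
    done < "$keys"
    return "$bad"
}

# Constructed sample: a scratch directory standing in for /home/<netid>/.ssh.
demo() {
    d=$(mktemp -d) && mkdir -m 700 "$d/.ssh" || return 2
    cat > "$d/.ssh/authorized_keys" <<'EOF'
# constructed sample entries, not real keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleConstructedKeyMaterialOnly000000000 jsi3@example
User's PUBLIC key
-----BEGIN OPENSSH PRIVATE KEY-----
EOF
    chmod 644 "$d/.ssh/authorized_keys"   # deliberately looser than 600
    rc=0; audit_ssh_dir "$d/.ssh" "$(id -u)" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "findings reported above"
```

On a real server, run it as root against the new account, for example `audit_ssh_dir /home/jsi3/.ssh "$(id -u jsi3)"`.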

Best Practices

  • Utilize SSH keys instead of passwords for authentication

  • Create new user accounts instead of utilizing the root account

  • Do not elevate to root unless it is truly needed

 Windows
  1. Once logged into the computer, right-click on the Start button and select System.

  2. On the System settings screen, select "Remote settings" on the left-hand side. In Windows 2019, you will instead select "Remote Desktop" on the left side.

  3. Click the Select Users button on the resulting dialog. On Windows 2019, you will instead scroll to the bottom of the screen and click "Select users that can remotely access this PC".

  4. Click the Add button on the Remote Desktop Users dialog box.

  5. Type the NetID of the user you want to add and click "Check Names". Their NetID should expand to show their full account name/e-mail address. Now you can click OK and exit out of the previous dialog boxes.

  6. The new user should now be able to log in!

Note: Users of servers in Secured spaces may get the error "Logon failure: the user has not been granted the requested logon type at this computer". If that occurs, you will need to follow the additional steps below. If you do not have a CIS-hardened server as part of a moderate- or high-risk space, the steps below should not be needed.

  1. Search for and go to "Local Security Policy" under the Windows Start Menu.

  2. Expand Local Policies in the left-hand pane, then click on the User Rights Assignment folder. Lastly, double-click on "Allow log on locally" in the right-hand pane.

  3. Type "Remote Desktop Users", then click Check Names. The Group name of "Remote Desktop Users" should become underlined. Click OK, OK, and exit the Local Security Settings manager.

  4. The user should now be able to log in.
