How Do I Add Users to My Server?
- Prateek Kapoor
- Tristen Lawrence
Problem:
I want to add users to my server instance.
Solution:
You can either add users before you create the server through Spinup, or after you create the server by manually logging into the server instance itself.
Before you create the server
The users you want to add to the server must be added to the space before you can choose them. Spinup will automatically add chosen users to the server as soon as it has been created.
Choose a Linux or Windows server from the ‘Create New Resource’ page.
After choosing the server size, you can see the number of users (including yourself) that will added to the server upon creation. If you want to add more users, click
+ Add More
.
You can use the dropdown to add more users from the current space along with their roles . For Linux servers, the SSH Key saved in the users profile will be auto-filled.
You cannot remove yourself from being added to the server, and you must initially have admin access.
Once you are done adding the users you want, click
Save
and the user count will be updated. Users will be automatically added to the server with correct permissions once it is created.
After the server has already been created
Using spinup-user CLI
The spinup-user
command-line utility should be pre-installed on all Spinup Linux servers and can be used to easily add and remove users.
For example, on one of my servers I need to add user jsi3
. I just need their public SSH key (which is not sensitive and can be safely shared) and I can then create the user like so:
[tg333@ip-10-5-32-247 ~]$ sudo spinup-user add jsi3
Paste one or more SSH public keys for this user (hit Enter when done):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDhU7Ucb/4AdGjtTrDZfGexJyLFxngErqWyv9Ryix8scdEOJxC/qWJiBOxasQp5fjF+ZDf5OIXgBrtd7xvJT+Lr+p65hE7EX0KL+JAWPibr0E1b0Gw9mTwAIutPA9u5tt6btmWbPUJXWifft8wgq6aIoqsg/sAzmiEHEJiL17fp7LXwjwDsxzYfskLX58uVIVqyMW5da81CNcqAPavlrGq1p1hd/+8i/2m8ql0VHnAOMdqQz5tmGY6N7F/AbtSLDaki7XTS6vQZUc5wr3ZHIe6wuQhk82/VVWoNjlxOjhwBItE0Tb7bCDkMgZ0RMymmpl/T5ioyyZmYQjmP3Xmdhdsb
Added user jsi3 |
You can use the list
command to see all users on the server and get more information about them:
[tg333@ip-10-5-32-247 ~]$ sudo spinup-user list
jsi3
tg333 (admin)
[tg333@ip-10-5-32-247 ~]$ sudo spinup-user list jsi3
Username: jsi3
Admin: false
Shell: /bin/bash
Homedir: /home/jsi3
UID: 1002
GID: 1002
Authorized keys:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDhU7Ucb/4AdGjtTrDZfGexJyLFxngErqWyv9Ryix8scdEOJxC/qWJiBOxasQp5fjF+ZDf5OIXgBrtd7xvJT+Lr+p65hE7EX0KL+JAWPibr0E1b0Gw9mTwAIutPA9u5tt6btmWbPUJXWifft8wgq6aIoqsg/sAzmiEHEJiL17fp7LXwjwDsxzYfskLX58uVIVqyMW5da81CNcqAPavlrGq1p1hd/+8i/2m8ql0VHnAOMdqQz5tmGY6N7F/AbtSLDaki7XTS6vQZUc5wr3ZHIe6wuQhk82/VVWoNjlxOjhwBItE0Tb7bCDkMgZ0RMymmpl/T5ioyyZmYQjmP3Xmdhdsb |
Note that by default the new user does not have admin (sudo) privileges. To make an admin user you can use the -a
flag. Be careful who you make an admin as they will have unlimited root access on the server!
[tg333@ip-10-5-32-247 ~]$ sudo spinup-user add jsi3 -a |
To delete a user and their home directory:
This is just a brief overview of how to use the CLI. For more information and examples you can see the Github repo GitHub - YaleSpinup/spinup-user: A simple CLI for managing Linux users
Manual step-by-step guide
If for some reason you cannot use the spinup-user
CLI you can manually create a Linux user.
Best Practices
Utilize SSH keys instead of passwords for authentication
Create new user accounts instead of utilizing the root account
Do not elevate to root unless it is truly needed
Once logged into the computer, right-click on the Start button and select System.
On System settings screen, select "Remote settings" on the left-hand side. In Windows 2019, you will instead select "Remote Desktop" on the left side.
Click the Select Users button on the resulting dialog. On Windows 2019, you will instead scroll to the bottom of the screen and click "Select users that can remotely access this PC".
Click Add button on Remote Desktop Users dialog box.
Type the NetID of the user you want to add and click "Check Names". Their netID should expand to show their full account name/e-mail address. Now you can click OK and exit out of the previous dialog boxes.
New user should now be able to log in!
Note: Users of servers in Secured spaces may get the error "Logon failure: the user has not been granted the requested logon type at this computer". If that occurs, you will need to follow the additional steps below. If you do not have a CIS-hardened server as part of a moderate- or high-risk space, the steps below should not be needed.
Search for and go to "Local Security Policy" under the Windows Start Menu
Expand Local Policies in the left-hand pane, then click on the User Rights Assignment folder. Lastly, double-click on "Allow log on locally" in the right-hand pane.
Type "Remote Desktop Users", then click Check Names. The Group name of "Remote Desktop Users" should become underlined. Click OK, OK, and exit the Local Security Settings manager.
User should now be able to login.