How to add new users on Linux?
Problem:
I need to add a new user to a Linux server.
Linux servers in Spinup use regular SSH authentication (password authentication has been disabled for security reasons). In addition, high-risk servers require Duo multi-factor authentication when logging in.
By default, only the user who created a server can SSH into it, using their netid and the SSH key specified in their Spinup profile.
Using spinup-user CLI
The spinup-user command-line utility should be pre-installed on all Spinup Linux servers and can be used to easily add and remove users.
For example, on one of my servers I need to add user jsi3. I just need their public SSH key (which is not sensitive and can be safely shared) and I can then create the user like so:
    [tg333@ip-10-5-32-247 ~]$ sudo spinup-user add jsi3
    Paste one or more SSH public keys for this user (hit Enter when done):
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDhU7Ucb/4AdGjtTrDZfGexJyLFxngErqWyv9Ryix8scdEOJxC/qWJiBOxasQp5fjF+ZDf5OIXgBrtd7xvJT+Lr+p65hE7EX0KL+JAWPibr0E1b0Gw9mTwAIutPA9u5tt6btmWbPUJXWifft8wgq6aIoqsg/sAzmiEHEJiL17fp7LXwjwDsxzYfskLX58uVIVqyMW5da81CNcqAPavlrGq1p1hd/+8i/2m8ql0VHnAOMdqQz5tmGY6N7F/AbtSLDaki7XTS6vQZUc5wr3ZHIe6wuQhk82/VVWoNjlxOjhwBItE0Tb7bCDkMgZ0RMymmpl/T5ioyyZmYQjmP3Xmdhdsb
    Added user jsi3
You can use the list command to see all users on the server and get more information about them:
    [tg333@ip-10-5-32-247 ~]$ sudo spinup-user list
    jsi3
    tg333 (admin)
    [tg333@ip-10-5-32-247 ~]$ sudo spinup-user list jsi3
    Username: jsi3
    Admin: false
    Shell: /bin/bash
    Homedir: /home/jsi3
    UID: 1002
    GID: 1002
    Authorized keys:
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDhU7Ucb/4AdGjtTrDZfGexJyLFxngErqWyv9Ryix8scdEOJxC/qWJiBOxasQp5fjF+ZDf5OIXgBrtd7xvJT+Lr+p65hE7EX0KL+JAWPibr0E1b0Gw9mTwAIutPA9u5tt6btmWbPUJXWifft8wgq6aIoqsg/sAzmiEHEJiL17fp7LXwjwDsxzYfskLX58uVIVqyMW5da81CNcqAPavlrGq1p1hd/+8i/2m8ql0VHnAOMdqQz5tmGY6N7F/AbtSLDaki7XTS6vQZUc5wr3ZHIe6wuQhk82/VVWoNjlxOjhwBItE0Tb7bCDkMgZ0RMymmpl/T5ioyyZmYQjmP3Xmdhdsb
Note that by default the new user does not have admin (sudo) privileges. To make an admin user you can use the -a flag. Be careful who you make an admin, as they will have unlimited root access on the server!
    [tg333@ip-10-5-32-247 ~]$ sudo spinup-user add jsi3 -a
To delete a user and their home directory:
    [tg333@ip-10-5-32-247 ~]$ sudo spinup-user remove jsi3
    Removed user jsi3
This is just a brief overview of how to use the CLI. For more information and examples, see the GitHub repo: https://github.com/YaleSpinup/spinup-user
Manual step-by-step guide
If for some reason you cannot use the spinup-user CLI, you can manually create a Linux user.
On servers where root access is granted through the wheel group:

    $ sudo -s
    $ NEWUSER=<netid of person you would like to add>   # Variable that is used in future commands
    $ adduser $NEWUSER
    $ gpasswd -a $NEWUSER wheel   # If you would like to give them root access
    $ mkdir -m 700 /home/$NEWUSER/.ssh
    $ echo "User's PUBLIC key" > /home/$NEWUSER/.ssh/authorized_keys
    $ chmod 600 /home/$NEWUSER/.ssh/authorized_keys
    $ chown -R $NEWUSER:$NEWUSER /home/$NEWUSER/.ssh
    $ restorecon -FRvv /home/$NEWUSER/.ssh   # Required if SELinux is running on the server

On servers where root access is granted through the sudo group:

    $ sudo -s
    $ NEWUSER=<netid of person you would like to add>   # Variable that is used in future commands
    $ adduser $NEWUSER
    $ usermod -aG sudo $NEWUSER   # If you would like to give them root access
    $ mkdir -m 700 /home/$NEWUSER/.ssh
    $ echo "User's PUBLIC key" > /home/$NEWUSER/.ssh/authorized_keys
    $ chmod 600 /home/$NEWUSER/.ssh/authorized_keys
    $ chown -R $NEWUSER:$NEWUSER /home/$NEWUSER/.ssh
    $ restorecon -FRvv /home/$NEWUSER/.ssh   # Required if SELinux is running on the server
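To confirm the manual steps left the account in the expected state, the following added example (not part of the original page or of spinup-user) checks that .ssh is mode 700, authorized_keys is mode 600, both belong to the home directory's owner, and every key line is a public key rather than something pasted by mistake. The function names are hypothetical, and the script assumes GNU stat and base64.

```shell
#!/bin/sh
# Added example: audit what the manual steps should have produced.
# Function names are hypothetical; assumes GNU coreutils (stat -c, base64 -d).

# Succeeds if $1 looks like "<type> <base64> [comment]" and the decoded blob
# starts with a length-prefixed copy of <type>, as OpenSSH public keys do.
# Lines with an options prefix (command="...", from="...") are rejected too.
valid_pubkey_line() {
    local ktype rest blob embedded
    ktype=${1%% *}; rest=${1#* }; blob=${rest%% *}
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 1 ;;  # includes a pasted "-----BEGIN ... PRIVATE KEY-----"
    esac
    # Skip the 4-byte length field, then read as many bytes as <type> has.
    embedded=$(printf '%s' "$blob" | base64 -d 2>/dev/null |
        tail -c +5 | head -c "${#ktype}" | tr -d '\000')
    [ "$embedded" = "$ktype" ]
}

# check_ssh_setup <homedir>: returns 0 only if .ssh is 700, authorized_keys is
# 600, both belong to the home directory's owner, and every key line is valid.
check_ssh_setup() {
    local home owner item path want line n rc
    home=$1; n=0; rc=0
    owner=$(stat -c %u "$home" 2>/dev/null) || return 2
    for item in "700:$home/.ssh" "600:$home/.ssh/authorized_keys"; do
        want=${item%%:*}; path=${item#*:}
        [ "$(stat -c '%a %u' "$path" 2>/dev/null)" = "$want $owner" ] ||
            { echo "FAIL: $path should be mode $want, owned by uid $owner"; rc=1; }
    done
    [ -r "$home/.ssh/authorized_keys" ] || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        valid_pubkey_line "$line" ||
            { echo "FAIL: authorized_keys line $n is not a public key"; rc=1; }
    done < "$home/.ssh/authorized_keys"
    return "$rc"
}

# Run as root against one home directory, e.g.: sh check.sh /home/$NEWUSER
[ "$#" -eq 0 ] || check_ssh_setup "$1"
```

The key check only confirms the declared type matches the type embedded in the blob; it does not prove the key belongs to the intended person, so still obtain the public key from the user over a trusted channel.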
Best Practices
- Utilize SSH keys instead of passwords for authentication
- Create new user accounts instead of utilizing the root account
- Do not elevate to root unless it is truly needed