In some cases you need to add more users to your server, to allow other people to maintain the server or just upload files. Here is a short guide to adding other users and granting them the privileges they need to perform relevant tasks.

Add new user

Start by adding a new linux user:

sudo adduser __USERNAME__

If your new user is called martin, it would look like this:

sudo adduser martin

It often makes sense to set up a group with special permissions for your less privileged users. I typically use a deploy group with just enough privileges to read and write files in the webserver root.

To add the new user to the deploy group on the server, use the following command:

sudo usermod -a -G deploy __USERNAME__

Or in the case of martin:

sudo usermod -a -G deploy martin

Grant login privileges for the new user. Open /etc/ssh/sshd_config and add the new username to the list of allowed users. Open the config file using Nano:

sudo nano /etc/ssh/sshd_config

Update the list of allowed users in the SSH config. It should look something like this after you have added martin:

AllowUsers user1 user2 martin

Granting sudo privileges

You could grant sudo privileges for the new user, if the user should be able to run admin commands. This is basically giving the new user full administration privileges - so only do this if you really need to.

In terminal, run:

sudo visudo

This will open the sudoers configuration in the Nano text editor. In the file you need to locate this section:

# User privilege specification
root ALL=(ALL:ALL) ALL

And then add the following line:

__USERNAME__ ALL=(ALL) ALL

In the case of martin it should end up looking like:

# User privilege specification
root ALL=(ALL:ALL) ALL
martin ALL=(ALL) ALL

You have successfully created the new user on the server and granted root permissions. The new user now has the power to make a big mess :)

SSH Access

If you want your user to log in using an SSH key, you need to copy the user's public SSH key to the server.

Copy SSH key to server

IMPORTANT: This part is done from your local machine - not on the server. You need to get the SSH key from the user before proceeding - this is typically called id_rsa.pub.

First copy the file to the server using scp (secure copy):

scp id_rsa.pub __YOUR_USERNAME__@__IP__:/home/__YOUR_USERNAME__/__USERNAME__-ssh_authorized_keys

Let's say kaestel is uploading ssh key for martin, and the server IP is 80.70.50.40 and it is running SSH on the default port (22), then it will look like this:

scp id_rsa.pub kaestel@80.70.50.40:/home/kaestel/martin-ssh_authorized_keys

If the server is running SSH on a custom port (like 25000), you can specify the port like this:

scp -P 25000 id_rsa.pub kaestel@80.70.50.40:/home/kaestel/martin-ssh_authorized_keys

Now the public key of martin has been copied to the server.

Move SSH key

IMPORTANT: Log in to the server to proceed with the setup.

First we want to move the SSH key to the correct location:

sudo mkdir /home/__USERNAME__/.ssh && sudo mv /home/__YOUR_USERNAME__/__USERNAME__-ssh_authorized_keys /home/__USERNAME__/.ssh/authorized_keys

Or in the case of kaestel installing for martin:

sudo mkdir /home/martin/.ssh &&
sudo mv /home/kaestel/martin-ssh_authorized_keys /home/martin/.ssh/authorized_keys

Update SSH key permissions

Then update the permissions on the SSH key:

sudo chown -R __USERNAME__:__USERNAME__ /home/__USERNAME__/.ssh/ &&
sudo chmod 700 /home/__USERNAME__/.ssh &&
sudo chmod 600 /home/__USERNAME__/.ssh/authorized_keys

Or in the case of martin:

sudo chown -R martin:martin /home/martin/.ssh/ &&
sudo chmod 700 /home/martin/.ssh &&
sudo chmod 600 /home/martin/.ssh/authorized_keys

Restart the SSH service

Finally you need to restart the ssh service to make the changes take effect:

sudo service ssh restart

You are done. Now it is time to let the new user log in to the server.
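
The key installation steps above can also be written as one function, shown here as an added example that is not part of the original guide. Unlike the mv command, it appends to authorized_keys so existing keys survive, and it refuses a private key uploaded by mistake; install_pubkey and its parameters are names assumed for this example, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original guide). Usage:
#   install_pubkey HOME_DIR PUBKEY_FILE [OWNER]
# HOME_DIR is a parameter so the function can be tried on a scratch directory.
install_pubkey() {
    home_dir=$1 pubkey=$2 owner=${3:-}
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys

    # Common mistake: id_rsa was sent instead of id_rsa.pub.
    if grep -q 'PRIVATE KEY' "$pubkey"; then
        echo "refusing: $pubkey contains a private key" >&2
        return 2
    fi

    # Accept "<type> <base64> [comment]" and take the first such line.
    types='ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)'
    key=$(grep -E "^($types) [A-Za-z0-9+/=]+( .*)?\$" "$pubkey" | head -n 1)
    if [ -z "$key" ]; then
        echo "refusing: no OpenSSH public key found in $pubkey" >&2
        return 3
    fi

    # Same modes as the guide: 700 on .ssh, 600 on authorized_keys.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only when the exact line is not already present (idempotent).
    grep -qxF "$key" "$auth" || printf '%s\n' "$key" >> "$auth"

    # chown needs root, so it only runs when an owner is given.
    if [ -n "$owner" ]; then
        chown -R "$owner:$owner" "$ssh_dir" || return 1
    fi

    # Report the result the way sshd will see it.
    [ "$(stat -c %a "$ssh_dir")" = 700 ] && [ "$(stat -c %a "$auth")" = 600 ]
}
```

On the server it would be run as root, for example: install_pubkey /home/martin /home/kaestel/martin-ssh_authorized_keys martin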

Change password

To change the password for a given user, use this command:

sudo passwd __USERNAME__

In the case of martin:

sudo passwd martin

Delete user

If you want to delete a user again, this command will do the trick:

sudo userdel __USERNAME__

In the case of martin:

sudo userdel martin

Revoking sudo and login privileges

If the user has also been granted login and sudo privileges, make sure to remove the user from the sudoers file and from /etc/ssh/sshd_config.

Sudo privileges

You can (and should only ever) edit the sudoers file by using the command below. Be aware that using any other means of editing the sudoers file risks damaging the entire system.

sudo visudo

In the sudoers file, you'll find the user listed as shown below. Simply delete the line and save the file.

usertobedeleted ALL=(ALL:ALL) ALL

Login privileges

You can edit /etc/ssh/sshd_config using the command below.

sudo nano /etc/ssh/sshd_config

The user name will be in the AllowUsers list at the bottom of the file. It will look something like the line shown below. Just delete the specific username and save the file.

AllowUsers username1 usertobedeleted username2

After saving the files, restart the ssh service, like this:

sudo service ssh restart
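
An added example, not part of the original guide: a check for what still refers to a deleted user. Besides the sudoers and AllowUsers entries described above, it looks for the home directory, which userdel without -r leaves in place together with its authorized_keys; leftover_access and its arguments are names assumed here.

```shell
#!/bin/sh
# Added example (not from the original guide). Usage:
#   leftover_access USER SSHD_CONFIG SUDOERS HOME_BASE
# Prints one finding per line; returns 1 if anything was found, 0 if clean.
# Only exact names are matched; wildcard AllowUsers patterns are not expanded.
leftover_access() {
    user=$1 sshd_config=$2 sudoers=$3 home_base=$4
    found=0

    # AllowUsers entries are "name" or "name@host"; the keyword is
    # case-insensitive and commented-out lines ("#AllowUsers") are skipped.
    awk -v u="$user" 'tolower($1) == "allowusers" {
        for (i = 2; i <= NF; i++) {
            n = $i; sub(/@.*/, "", n)
            if (n == u) { print "sshd_config: AllowUsers still lists " $i; hit = 1 }
        }
    } END { exit !hit }' "$sshd_config" && found=1

    # A sudoers user rule starts with the user name in the first field.
    if awk -v u="$user" '$1 == u { hit = 1 } END { exit !hit }' "$sudoers"; then
        echo "sudoers: rule for $user still present"
        found=1
    fi

    # Left behind by "userdel" without -r.
    if [ -e "$home_base/$user/.ssh/authorized_keys" ]; then
        echo "home: $home_base/$user/.ssh/authorized_keys still exists"
        found=1
    fi

    return "$found"
}
```

Reading /etc/sudoers requires root, and rules placed in files under /etc/sudoers.d/ need the same check per file.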