In some cases you need to add more users to your server, for example to allow other people to maintain the server or just upload files. Here is a short guide to adding other users and granting them the privileges to perform relevant tasks.

Add new user

Start by adding a new Linux user:

sudo adduser __USERNAME__

It often makes sense to set up a group with special permissions for your less privileged users. I typically use a deploy group with just enough privileges to read and write files in the webserver root.

To add the new user to the deploy group on the server, use the following command:

sudo usermod -a -G deploy __USERNAME__

Grant login privileges for the new user. Open /etc/ssh/sshd_config and add the new username to the list of allowed users. Open the config file using Nano:

sudo nano /etc/ssh/sshd_config

Update the list of allowed users in the SSH config. After you have added __USERNAME__, it should look something like this:

AllowUsers user1 user2 __USERNAME__

Granting sudo privileges

You could grant sudo privileges for the new user, if the user should be able to run admin commands. This is basically giving the new user full administration privileges - so only do this if you really need to.

In terminal, run:

sudo visudo

This will open the sudoers configuration in the Nano text editor. At the bottom of the file, add the following line:

__USERNAME__ ALL=(ALL:ALL) ALL

You have successfully created the new user on the server and granted root permissions. The new user now has the power to make a big mess :)

SSH Access

If you want your user to log in using an SSH key, you need to copy the user's public SSH key to the server.

Copy SSH key to server

IMPORTANT: This part is done from your local machine - not on the server. You need to get the SSH key from the user before proceeding - this is typically called id_rsa.pub.

First copy the file to the server using scp (secure copy):

scp -P __PORT__ id_rsa.pub __ADMIN_USERNAME__@__IP__:/home/__ADMIN_USERNAME__/__USERNAME__-ssh_authorized_keys

Now the public key of __USERNAME__ has been copied to the server.

Move SSH key

IMPORTANT: Log in to the server to proceed with the setup.

First we want to move the SSH key to the correct location:

sudo mkdir -p /home/__USERNAME__/.ssh && sudo mv /home/__ADMIN_USERNAME__/__USERNAME__-ssh_authorized_keys /home/__USERNAME__/.ssh/authorized_keys

Update SSH key permissions

Then update the ownership and permissions on the SSH key:

sudo chown -R __USERNAME__:__USERNAME__ /home/__USERNAME__/.ssh/ &&
sudo chmod 700 /home/__USERNAME__/.ssh &&
sudo chmod 600 /home/__USERNAME__/.ssh/authorized_keys

Restart the SSH service

Finally you need to restart the ssh service to make the changes take effect:

sudo service ssh restart

Add aliases and other bash settings

If your general setup also includes aliases or functions, these should now be added to the .bash_profile of the new user.

You are done. Now it is time to let the new user log in to the server.

Change password

To change the password for a given user, use this command:

sudo passwd __USERNAME__

Delete user

If you want to delete a user again, this command will do the trick:

sudo userdel __USERNAME__

Revoking sudo and login privileges

If the user has also been granted login and sudo privileges, make sure to remove the user from the sudoers file and from /etc/ssh/sshd_config.

Sudo privileges

You can (and should only ever) edit the sudoers file by using the command below. Be aware that using any other means of editing the sudoers file risks damaging the entire system.

sudo visudo

In the sudoers file, you'll find the user listed as shown below. Simply delete the line and save the file.

__USERNAME__ ALL=(ALL:ALL) ALL

Login privileges

You can edit /etc/ssh/sshd_config by using the command below.

sudo nano /etc/ssh/sshd_config

The username will be in the AllowUsers list at the bottom of the file. It will look something like the line shown below. Just delete the specific username and save the file.

AllowUsers username1 __USERNAME__ username2

After saving files, restart the ssh service, like this:

sudo service ssh restart
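
To confirm that the revocation steps above left nothing behind, the script below checks a user name against the AllowUsers list, the sudoers rules and any remaining authorized_keys file (userdel without -r leaves the home directory in place). It is an added example, not part of the original guide. The function names, the demo user "alice" and the sample files are made up for illustration.

```shell
#!/bin/sh
# Added example: list access a user still holds after the removal steps.
# File paths are arguments so the check can run against copies.
# Assumptions: exact user names only (no wildcard patterns, no %group rules).

# in_allow_users USER SSHD_CONFIG: succeeds if USER is on an AllowUsers line.
in_allow_users() {
    awk -v u="$1" '
        tolower($1) == "allowusers" {      # keyword is case-insensitive
            for (i = 2; i <= NF; i++) {
                split($i, p, "@")          # entries may be USER@HOST
                if (p[1] == u) found = 1
            }
        }
        END { exit !found }' "$2"
}

# in_sudoers USER SUDOERS_FILE: succeeds if a rule line starts with USER.
in_sudoers() {
    awk -v u="$1" '$1 == u && NF >= 2 { found = 1 } END { exit !found }' "$2"
}

# residual_access USER SSHD_CONFIG SUDOERS_FILE HOME_DIR
# Prints one finding per line, nothing when no access is left.
residual_access() {
    in_allow_users "$1" "$2" && echo "ssh: $1 is still in AllowUsers"
    in_sudoers "$1" "$3" && echo "sudo: $1 still has a sudoers rule"
    [ -s "$4/.ssh/authorized_keys" ] && echo "key: $4/.ssh/authorized_keys still exists"
    return 0
}

# Demo on constructed files standing in for the real ones; "alice" is a made-up user.
demo() {
    d=$(mktemp -d)
    printf 'Port 22\nAllowUsers user1 alice user2\n' > "$d/sshd_config"
    printf 'root ALL=(ALL:ALL) ALL\nalice ALL=(ALL:ALL) ALL\n' > "$d/sudoers"
    mkdir -p "$d/home/alice/.ssh"
    echo 'ssh-ed25519 AAAA-constructed alice@laptop' > "$d/home/alice/.ssh/authorized_keys"
    residual_access alice "$d/sshd_config" "$d/sudoers" "$d/home/alice"
    rm -rf "$d"
}
demo
```

On a real server, call residual_access with __USERNAME__, /etc/ssh/sshd_config, /etc/sudoers and /home/__USERNAME__ from a root shell, since the sudoers file is not readable by ordinary users. Files under /etc/sudoers.d are not covered and have to be checked one at a time.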