
Create a New Non-Root User on Ubuntu

Overview

Working on a remote server as the root user can cause problems with file permissions, and if you’re not careful you can break things pretty badly. For example, if your WordPress file uploads are not working, one possibility is that the uploads directory was created with the wrong permissions.

It’s a good idea to create a new non-root user as soon as you create a new web server in order to avoid these types of issues. The video walks you through the process and each of the steps is broken out below.

Create a New Non-Root User On Ubuntu

I’m going to use the Terminal program to SSH into the web server as the root user using the private portion of the SSH key pair I created earlier:

ssh -i ~/.ssh/25monkeys-do root@143.198.116.106 RETURN

Once I connect to the remote server, I should get a welcome message and an overview of basic system status information.

Next I’ll create a new user named supernifty with the following command:

adduser supernifty RETURN

Next I’ll be prompted to create a password for this user. Although I skipped the password step when I created the SSH key pair, here I want to create and enter a really strong password and hit RETURN. Once I’ve entered the password and hit RETURN, the user will be created.

Then I’ll immediately modify the new supernifty user by adding them to the sudo group.

usermod -aG sudo supernifty RETURN

Sudo is a really useful command: it lets a user in the sudo group run an individual command with super user (administrative) privileges. It’s kind of weird and hard to explain without an example or two so here’s a sudo explainer.

Once the new supernifty user has been added to the sudo group, I’ll use the su (switch user) command to change from being the root user into being the new supernifty user:

su - supernifty RETURN

I’m now working as the supernifty user. This is a really important step because everything I create from now on will be owned by the supernifty user, so the ownership and permissions on those files and folders will be set properly.

First I’ll create a new .ssh directory in my home directory:

mkdir ~/.ssh RETURN

I’ll use the nano text editor to create a new, empty authorized_keys file inside that .ssh directory.

nano ~/.ssh/authorized_keys RETURN

This new authorized_keys file is empty. I need to copy/paste the public portion of the SSH key pair file I created earlier into it. So I’ll open a new Terminal window on my laptop and copy the contents of the public portion of an SSH key pair to my clipboard using the pbcopy command:

pbcopy < /Users/ed/.ssh/supernifty.pub RETURN

Now I’ll switch back to the Terminal window with my remote web server session and paste (COMMAND-V) the contents of my local /Users/ed/.ssh/supernifty.pub file into the remote web server’s ~/.ssh/authorized_keys file. Then I’ll save the ~/.ssh/authorized_keys file on the remote server by hitting CONTROL-O, and close the file and quit the nano text editor by hitting CONTROL-X.

Finally, I need to set the proper permissions for the ~/.ssh/authorized_keys file on the remote web server with the chmod (change mode) command:

chmod 700 ~/.ssh/authorized_keys RETURN

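700 allows the owner of the file (the supernifty user) to read, write and execute it and denies all access to all other users. The authorized_keys file does not need the execute bit, so 600 on the file, with 700 on the ~/.ssh directory itself, is the more common pairing.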

Now I’ll use the exit command to switch out of being the supernifty user and go back to being the root user:

exit RETURN

Then I’ll exit again to end my SSH session and disconnect from the remote web server:

exit RETURN

To test everything, I’ll SSH back into the remote web server, except this time I’ll do it as the new supernifty user:

ssh -i ~/.ssh/supernifty supernifty@143.198.116.106 RETURN

If everything went to plan, I should be able to connect to the server again, but this time as the non-root user supernifty.
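
The key-installation steps above (create ~/.ssh, add the public key, set permissions), collected into one re-runnable script with a permission check. This is an added example, not part of the original walkthrough; the function names are made up for illustration and it assumes GNU stat, as shipped with Ubuntu.

```bash
#!/usr/bin/env bash
# Added example, not from the original walkthrough. Function names are
# illustrative; assumes GNU stat (as shipped with Ubuntu).

# install_key HOME_DIR PUBKEY_LINE
# Creates HOME_DIR/.ssh (700) and authorized_keys (600) and appends the key
# only if that exact line is not already present, so re-running is safe.
install_key() {
    local home_dir=$1 key=$2
    local ssh_dir="$home_dir/.ssh" auth="$home_dir/.ssh/authorized_keys"
    # Accept exactly one line: embedded newlines would add extra key entries.
    if [ "$(printf '%s' "$key" | wc -l)" -ne 0 ]; then
        echo "refusing: multi-line input" >&2; return 1
    fi
    # Accept only common public-key types; a pasted private key is rejected.
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: not an OpenSSH public key line" >&2; return 1 ;;
    esac
    # umask 077 in a subshell: nothing is created group/world accessible.
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth" ) || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth" || return 1
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# audit_key_perms HOME_DIR
# Returns 0 only if .ssh and authorized_keys exist and are owner-only. This is
# stricter than sshd's StrictModes, which rejects group/world-writable paths.
audit_key_perms() {
    local p mode rc=0
    for p in "$1/.ssh" "$1/.ssh/authorized_keys"; do
        mode=$(stat -c '%a' "$p" 2>/dev/null) || { echo "missing: $p" >&2; rc=1; continue; }
        case $mode in
            *00) ;;   # 700 / 600: no group or other bits set
            *) echo "too open ($mode): $p" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# Usage, run as the new user: ./install_key.sh "$HOME" "ssh-ed25519 AAAA... comment"
if [ "$#" -eq 2 ]; then
    install_key "$1" "$2" && audit_key_perms "$1"
fi
```

Run it as the new user (after su - supernifty) rather than as root, so the directory and file end up owned by that user.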

With a new non-root user properly created, I can start working on the server without worrying about screwing things up with bad permissions. Next will be to update and upgrade Ubuntu.