Lesson 4: Managing your VPS Users
2023-03-30
707 words
4 mins read
This article describes how to manage your Linux users on your VPS server.
What are the Best Security Practices for Managing Users on Linux
Here are some best security practices for managing users on Linux:
-
Use strong passwords: Ensure that each user account has a strong password that meets complexity requirements. Passwords should be unique and not shared between users.
-
Use sudo: Use the sudo command to grant administrative privileges to users when they need them. This allows you to control access to system resources and maintain better security.
-
Limit remote access: Limit remote access to the system by disabling remote login for non-administrative users, and using secure protocols like SSH for remote access.
-
Monitor user activity: Monitor user activity on the system to detect suspicious behavior and potential security breaches.
-
Remove unnecessary accounts: Remove unnecessary user accounts from the system to reduce the risk of unauthorized access.
-
Use multi-factor authentication: Use multi-factor authentication to increase the security of user accounts, requiring users to provide two or more forms of authentication before accessing the system.
-
Disable root login: Disable direct root login to the system, and use sudo to perform administrative tasks.
-
Regularly review user accounts: Regularly review user accounts to ensure that they are still required and that their access is appropriate.
-
Implement least privilege: Implement the principle of least privilege, which means giving users only the access they need to perform their jobs and nothing more.
By following these best practices, you can help ensure that user accounts on your Linux system are secure and that the risk of unauthorized access or data breaches is minimized.
How to Manage Users and Create a Super User that is NOT Root?
Create User
One strong form of security you can implement for your Linux Server is to make a super user account for yourself while disabling root login. If you need other user accounts you can create them as needed, just make sure you only assign as many privileges as they need to perform their expected tasks.
The only time you will use the root user is in the most specific cases and if possible, never through SSH as this is considered a vounderablity that can be exploited if a hacker manages to get access to your root user. This is why we will be disabling the root user from logging in via SSH later in this guide.
To start let’s create a new user that will be our super user that will have sudo permissions, run the following command:
adduser your-user
Replace “your-user” with the name of your user, in my case I choose “israel-master-key” to let myself know this will be my superuser.
You will be asked to create a password for the user.
You will also have the option to enter additional information about the user, you can skip by pressing “Enter” as this is not critical for security.
After finishing the prompt, you will be able to see your user’s home folder under the “/home” directory that contains all the users on the system.
Remove User
- Type the following command to remove the user:
sudo deluser your-user
Replace “your-user” with the name of the user you want to remove.
- If you want to also remove the user’s home directory and files, add the –remove-home option to the command:
sudo deluser --remove-home
SSH into VPS with New User
Either create or move your existing public SSH key to your new users’ “~/.ssh/authorized_keys” file in their home directory.
This tutorial will explain creating and adding SSH keys in more depth:
https://www.israellandes.com/blog/2023/03/linux-security/lesson-1-ssh-the-secure-shell-protocol
You will then be able to log in to your server with a similar command:
ssh -i "~/.ssh/israel-master-key" [email protected]
Turning New User into Super User
Before you can turn your new user into a Super User, you must first log in as root or a user with sudo permissions. Then run the following command:
sudo adduser your-user sudo
This command will add “your-user” to the sudo group, granting them
sudo
command capabilities
Conclusion
You now have a non-root user with sudo permissions and should use this user to SSH login instead of root at all times. To finish up remove any users you don’t need besides root and let’s continue with securing our VPS.
Related Articles:
- 2023/03/30 Lesson 3: Backing Up your VPS
- 2023/03/30 Lesson 2: Updating your VPS
- 2023/03/30 Lesson 1: SSH the Secure Shell Protocol
- 2023/03/30 What is Linux Security?
- 2023/03/29 How to Open Terminal on Linux?
Authored By Is-Rael Landes
Is-Rael Landes, a good man living on the earth, loving making website, teaching others and coding.