We help IT Professionals succeed at work.

Adding User to Ubuntu

High Priority
226 Views
Last Modified: 2019-06-23
Adding User to Ubuntu

I need a user that I can use when I do not want to risk doing damage to my Ubuntu installation.

So, I ran

sudo su

then ran

adduser curiouswebster

following these instructions,
https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-18-04

is ran
usermod -aG sudo curiouswebster

but doesn't this add root privileges for curiouswebster??

If so, please help me downgrade the permissions.

I was hoping to log in as curiouswebster and install various systems, like Apache, MySQL, PHP and WordPress.

Shouldn't I use root for this?

Also, how do I log in as curiouswebster?

Thanks
Comment
Watch Question

CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
Sudo su is redundant

Sudo -I or sudo -s

Useradd -D
To see the current defaults for new user creation.

-G is to define an additional group, if your /etc/sudoers has a sudo group defined with elevation rights, the answer to your question is yes that creating a new user who us also a member of the sudo would have elevation rights.

Sudo useradd -g users -c "limited user" -s /bin/bash -m -k /etc/skel username
Sudo moduser -p username
To set password.
Kenza CohenIT Solutions Provider
CERTIFIED EXPERT
Commented:
Su root should ask you for your password and give you a warning. Once you have entered your password you can use command as root.

To change the password of root you can just do passwd root which should allow you to get back in easier.
Kelly BlackSenior Linux / DBA / DEVOPS
CERTIFIED EXPERT
Commented:
In your example you're trying to usermod 'sudo' which is not a user.

If you use sudo, invariably it's the start of the command.

You can use sudo without using it at every command by entering interactive mode by typing
`sudo -i`, then every command you type (until you type exit) will be as superuser.
David FavorFractional CTO
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
1) usermod -aG sudo curiouswebster but doesn't this add root privileges for curiouswebster??

Yes.

curiouswebster can just get a root shell.

sudo bash

Open in new window


2) If so, please help me downgrade the permissions.

Easy way is just to edit /etc/group + remove curiouswebster from the sudo group.

3) I was hoping to log in as curiouswebster and install various systems, like Apache, MySQL, PHP... Shouldn't I use root for this?

Only root can install OS level packages.

4) I was hoping to log in as curiouswebster and install WordPress

Any user can install WordPress, so long as there's some facility for them to create a database (as non root user) + then create the directory hierarchy required by WordPress, setup SSL cert, setup Apache config, etc...

5) Also, how do I log in as curiouswebster?

Normally this will be something like...

ssh -i ~/.ssh/key.rsa -2 -4 -o StrictHostKeyChecking=no -o TCPKeepAlive=yes -o GSSAPIAuthentication=no -o Compression=no curiouswebster@$host

Open in new window


Your key + options may vary, depending on many factors.
curiouswebsterSoftware Engineer

Author

Commented:
Thanks. Based on all your feedback, I will proceed to install and configure my Ubuntu for LAMP, using root privileges. I will not bother with configuring a reduced privileges user (for myself) until I get WordPress up and running.

But, I have one final question on sudo.

you said, using "sudo su" was redundant.

I see that sudo -I makes these permissions easier to NOT switch cart blanch to high privileges. Thanks.

But, when I want to turn root privileges ON for the session, what's the best sudo command?

Thanks
Kenza CohenIT Solutions Provider
CERTIFIED EXPERT
Commented:
You can just do su root.

That will switch you to a root session
curiouswebsterSoftware Engineer

Author

Commented:
thanks
Kelly BlackSenior Linux / DBA / DEVOPS
CERTIFIED EXPERT
Commented:
It's
su -
(Note the -)
curiouswebsterSoftware Engineer

Author

Commented:
you mean,

su -root?
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
Su requires, prompts for root password.
Sudo is a controlled elevation that uses the user's password to elevate

Sudo provides a granular control to allow a user to run some administrative vommands.
I.e. You can grant a user, group rights to run certain commands in elevated
Make sure you do not grant users efitor access in elevated mode as most efitors have an option to open shell.
CERTIFIED EXPERT
Commented:
FYI:
man sudo

...
-i, --login Run the shell specified by the target user's password database entry as a login shell.  This means
                   that login-specific resource files such as .profile or .login will be read by the shell.  If a
                   command is specified, it is passed to the shell for execution via the shell's -c option.  If no
                   command is specified, an interactive shell is executed.  sudo attempts to change to that user's home
                   directory before running the shell.  The command is run with an environment similar to the one a
                   user would receive at log in.  The Command environment section in the sudoers(5) manual documents
                   how the -i option affects the environment in which a command is run when the sudoers policy is in
                   use.

...
       -s, --shell Run the shell specified by the SHELL environment variable if it is set or the shell specified by the
                   invoking user's password database entry.  If a command is specified, it is passed to the shell for
                   execution via the shell's -c option.  If no command is specified, an interactive shell is executed.
...

Open in new window

Kelly BlackSenior Linux / DBA / DEVOPS
CERTIFIED EXPERT
Commented:
No I mean su -

Root is the default user for sudo.

You only specify the user to jail if you need it, for example

su -  nagios

Tells the root shell to inherit the group and user permissions of nagios.

This is particularly useful for accounts like nagios which are typically system only accounts with no shell, and no login.
curiouswebsterSoftware Engineer

Author

Commented:
What does this mean "You only specify the user to jail if you need it"?

And what is nagios?
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
Nagios in this is an example of a username.

Running the below command
Su - <username>
Allows you to switch your privelege to match that of the <username> after you provide the root's password provided the user has a shell defined in /etc/passwd.

This is useful in troubleshooting.
curiouswebsterSoftware Engineer

Author

Commented:
Does the term "user to jail" come from the ides that a user is being checked to see if, with his permissions, he had the permission to do something bad on the system?
Kelly BlackSenior Linux / DBA / DEVOPS
CERTIFIED EXPERT
Commented:
I mean sudo uses a wrapper like mechanism to set environment variables in the shell, jail is just a colloquial term for the user space separation.

This is far more understanding than is needed. One could write volumes on it. Suggest looking at ‘man sudo ‘ and ‘man env’
David FavorFractional CTO
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
A true "Jail" is a very specific construct.

This relates to using chroot, LXD, Docker or several other mechanisms to ensure a specific user or set of users only have access to the Jailed runtime environment. This blocks access to machine level files + facilities, also other container access is blocked.

Best to open another question about Jails, as answers can be long.