As you saw in the previous section we login to your VPS as the root user name. But ultimately, the direct use of the root user will inherently risky as you could be exposed root password if the machine is infected with spyware and shine when you're typing a password, or if you want others on the VPS administrator that the user must take root, it is dangerous.
So what's the solution? There is a solution that you need to know right now that is using sudo in Linux features.
I. What is Sudo?
Sudo is the abbreviation of S uper u ser Thus , roughly translated as " super members do [something] ". Means that it will allow a user to perform a certain command in the system under the authority of another member (Superuser account here means root ) that they do not need special permission.
For example, a normal user will not be able to use the command to stop a certain task on the system. But if they type a command to stop certain tasks that include the word sudo in front of this requirement will be sent to the system, the system will check whether the user is requested to send in sudoers list or not, if there it will allow other members executed, no error is logged and stored (báo).
For the sudo user, they will be asking their own password to confirm request instead of using the command su root account is transferred to and enter the root password as unsafe.
How to use sudo how you read this post from going out.
II. How to create and manage user
Now let's proceed to the VPS via SSH login with user root okay and we're going to do each step in order.
2.1) How to create a new user
To create a new user, we will proceed using the command
useradd structure is:
1
| useradd named-user-need-created |
For example, I want to create a user name thach , I'll knock the
useradd thach .
By default, when created, this user will not have a password, you need to set a password for it. To set the user password in Linux you would use the command
passwd structure is:
1
| passwd user-name-to-set-up |
For example I want to set the password for the user thach will knock the
passwd thach .
When you have finished typing the password you will need to type 2 times.
To check if your user has not actually been added, you can check by reading the file / etc / passwd command
cat / etc / passwd , it will show all the users on VPS together with the rights and its group name.
That's it I got you, now on your VPS has a user named thach and you can log in with SSH user instead of root. But now the user does not have anything special rights so you will not use these commands to change the system, I will guide you to use sudo below.
2.2) of each user directory
Default on Linux, a user called root owns the directory path is / root .
However, if you add a user to, then the user will have a separate folder in / home . For example, I've just created a user called thach, I will have a folder named thach in / home.
And in personal folders, the user is added will have basic rights such as access folder, delete, create, change the content in the folder, but will not be entitled to the other folder if you do not have permission.
If you do not want to use the / home directory contains the user as they can change it by editing the file / etc / default / useradd . If you do not quite understand what you should not edit this file only needs to understand its contents.
Note: The fix how the file back to the previous post to see how to use pirated software.
Among them:
- GROUP : The group ID of the user default which will be put into the creation.
- HOME : The default path of the folder containing the generated members.
- INACTIVE : The time that the account will be locked permanently after the member's password expires.
- EXPIRE : The date on which the member's account is created by default blocked.Structures here date is YYYY-MM-DD (2014-09-23).
- Skel : user templates folder when created, the user will automatically copy the following files and folders in the folder / home / user-name.
- SHELL : As a default shell that user will be used. You just know when to SSH, type the command line in Linux, and execute, that is you are using Shell. If you do not want the user to be created with the right to use Shell leave this section blank.
- CREATE_EMAIl_SPOOL : Nom na is for members to be allowed to use the mail on the server if the option is yes. Mail will be stored in the file / var / mail / user-name or / var / spool / mail / user-name.
Note : The options in / etc / default applies useradd commanduseraddif you did not set up its own individual features. But if you want the user to be added with options separately, read more at the end.
2.3) Add rights for the user and use sudo
Now exit the root user and log back in with your username and password SSH that you created in the previous section, as the user has made his name as thach .
Now we try to use a system-related commands such as create user command see.
1
| useradd thach2 |
And you'll see it returns the result as " -bash: / usr / sbin / useradd: Permission denied", meaning that the current user does not have the right to execute this new root only be done alone.
As I said in the beginning, if you write a script that included the word sudo in front of the members will be able to do something based on the right of the Super User (root) without using the root account to execute . So now we try typing sudo add text to the front and offline.
1
| sudo useradd thach2 |
Ok, now it will show the content stream is:
01
02
03
04
05
06
07
08
09
10
| [Thach @ vpscanban ~] $ sudo useradd thach2We trust you have received the usual lecture from the local SystemAdministrator. It boils down to these three Thường things:# 1) Respect the privacy of others.# 2) Think before you type.# 3) With great power comes great Responsibility.[ sudo ] password for thach: |
This line means that it warns you are using the root user rights on the system and ask you to respect this right. To use sudo confirmation, type the password of the current user that you are logged into.
What happens after you finish typing? It does not execute the command that will show off this passage:
1
| thach is not in the sudoers file . This Will Be Reported incident. |
What the fuck are there? This passage means that the user you are logged in there is no list of members used the sudo command (sudoers), and this action will be reported. In this report are not reported to the police, which will be saved in the admin log to see who they were doing.
Denied use sudo
So how this user can use sudo here? Is simple, now you just log out and log back in with the root user offline.
Then you type the command
visudo . This command will open the file ie / etc / sudoersusing pirated software but will knock more compact instead of typingvi / etc / sudoers .
In here, you go through the drill mode Insert mode that will knock
: / Allows people 'in the group to seek to be corrected.
Now you write this paragraph below
#% wheel ALL = (ALL) ALL :
1
| % Quantri ALL = (ALL) ALL |
This line means allow group members
quantri be allowed to use all the command line.
Now press ESC to exit Insert mode and type 
: wq! for save and exit, so later I did not mention it again coz I have said in previous posts carefully then.
There is a problem though, we added group quantri sudoers list but we do not have group called quantri all. So, let's proceed to create a group called quantri the command
groupadd quantri .
To see the entire list on the VPS group, you can use the
cut d: -f1 / etc / group and check group name has not quantri. If there is then successful.
Create group finished, we need to do a work that is put into the user has not been granted quantri group (in this case your user is thach), use the following command to put a user on the group:
1
| usermod -G group-name-should-add-user name |
For example I want to add user thach in group
quantri then type:
1
| usermod -G group quantri |
After you have finished typing your user to see what they are typing in the group name-user groups (eg groups thach).
1
2
3
4
5
6
| [Root @ vpscanban ~] # groups thachthach: thach[Root @ vpscanban ~] # usermod-G quantri thach[Root @ vpscanban ~] # groups thachthach: thach quantri[Root @ vpscanban ~] # |
Ok, now you try logging out and logging back in to your newly created user and then try typing sudo adduser thach2 and password of the user currently logged on to see it in the error message is not okay, if not reported What error are successful.
Ok, from now on you can not be logged into the root account anymore but simply login with your secondary account and to use the sudo command only. Or you can create a user for other administrators to work without having taken root account.
There is also another way to use root privileges without using sudo which is
rubber .When typing su , you will switch to the root account and enter your root password.
Convert a regular user to root user with the su command.
2.4) Further useradd command
As above, you already know we're going to use the command
useradd-user-name to-add to add a new user to the VPS with the settings in the file / etc / default / useradd .
However, in some cases you want to edit a user's settings when you add to it rather lose to edit this file, then put defaults. In this section, I will guide you how to add a user to set options for the command structure is:
1
| useradd [options] user-name-to-add |
Adding users to the folder options
Add user default will put on / home, but with the following command you can customize the user's folder when adding.
1
| useradd d / path -name user |
For example I want to add a user called quankun located in the folder / trash (if not available, the system automatically creates) will write as:
1
| useradd d / trash quankun |
At this point, the user folder is quankun / not trash / trash / quankun okay. To see exactly what path this user, use the following command:
1
2
| [Root @ vpscanban ~] # cat / etc / passwd | grep quankunquankun: x: 502: 503 :: / trash: / bin / bash |
Adding users to group options
By default, when you add a new user, the user will facility located in a group with the same name as your user name. However, you can still force it to a member of a certain group that you want to add to rather than create a new group.
1
| useradd -G-user name-group name |
For example, create a user called himself thach3 and located in quantri group will do the following:
1
| useradd -G quantri thach3 |
Results:
1
2
3
| [Root @ vpscanban trash] # useradd-G quantri thach3[Root @ vpscanban trash] # groups thach3thach3: thach3 quantri |
You can also add more users to the group by writing and group names separated by commas.
1
| useradd -G quantri, admin, sysadmin thach3 |
Add a user does not create a private folder
By default it will create a separate folder for the user to add, but you can not force it to create separate folders by adding the parameter
M in order to create a user.
1
| useradd -M demo |
Create a user and lock on certain days
If you want to create a temporary user for a certain period, you can use the following command structure:
1
| useradd -e YYY-MM-DD-user name |
For example, I want to create one user name and will be deleted hongvan since September 30, 2014, I will write as:
1
| useradd -e 2014-09-30 hongvan |
To see the duration of a user you use the
chage as follows:
1
| chage-l user name |
Well, you should know that temporary is enough.
Epilogue
In this article I have explained quite carefully about how to manage the VPS and sudo user on what is and how to use sudo so that reasonable and effective, so that later if you see someone typing sudo anything that has the word in advance, do not have dental questions.
0 nhận xét:
Post a Comment