How To Add A Limited User Account To Your Server

How To Add A Limited User Account To Your Server

Bitwarden Unified Self Hosted Tutorial How To Secure And Harden Your Ubuntu Server How To Add A Limited User Account To Your Server

Why You Need To Create A Limited User Account

So far, we've done everything on our server as 'root.' This is the master administrative account of our server, with no limitations and access to everything.

Moving forward, we don't want to do that anymore. We want to create a user account on our server, just like on our computer, with limited privileges. That way, it's much harder for us to damage the server if we make a mistake and harder for a malicious attacker to access our server or create havoc if they gain access.

Use the following command to add a new user, and replace example_user with a username of your choice. Because we are setting up Bitwarden, we do not recommend using the user name 'bitwarden'.

adduser example_user

You'll be prompted to create a password for that user. Make sure it is secure and that you don't forget it.

You'll then be prompted to fill in a bunch of information for your user. You can fill it out if you like, I never do. Just hit 'Enter' until you're back at your Command Line Interface.

Next, we need to add that user to our 'sudo' group so it has limited administrator privileges.

adduser example_user sudo

Creating An SSH Directory

There's one last thing we need to do before we reboot our server.
We need to create a directory to upload our SSH keys in the next step and give that directory the proper permissions. However, we want to do that as the Limited User we created.
So let's switch over to our Limited User account with the following command:

su $username

Replace $username with the user name you just created.
You'll see your username change on the left-hand side. Instead of 'root@hostname' it will be 'user@hostname'.

changed user name

Use the following command to make a directory named '.ssh' and set the proper permissions we'll need.

mkdir -p ~/.ssh && sudo chmod -R 700 ~/.ssh/

Rebooting Your Server

We're all set with what we will do with this login to our server. Let's reboot this bad boy so we can make sure our kernel updates and all our system updates take effect, and while we're waiting for it to boot back up, we're going to generate our private ssh keys so that from now we login via a much more secure manner.

Use the following command from the CLI to reboot your server.

sudo reboot now

While you're server is botting back up, let's learn about how to secure our SSH login!

Previous Lesson
Back to Module
Next Lesson
by: