The Beautiful Linux

In my last article here I discussed the rule of least privilege and how wise it is to disable remote root login and only log in as a user with sudo access, for security purposes. By disabling root we remove a very easy attack on our Linux machine, since every bad guy out there knows of root. Today let's discuss a little bit about user management.

User management

When you disable your root user, you need to create a new user with sudo access. To create a new user, run sudo adduser username:

sudo adduser pearl

While creating the user, you will be asked to set a password and fill in a few other basic details such as Full Name; complete the ones you want.

Let's now check that this user was created successfully using finger. The output shows that our new user has been created successfully. Most of this information is stored in /etc/passwd, a file that lists information about each user. Let's check it out:

sudo cat /etc/passwd

You will see a lot of lines in this pattern. This file stores information about each user on our computer: each line is the entry for one user, and each entry has a number of fields separated by colons. Let's try to understand the lines:

student:x:1001:1001:New Student,,,:/home/student:/bin/bash

The 1st field is the username, followed by an x that stands in for the encrypted password (the hash itself is stored in /etc/shadow). The 3rd and 4th fields store the user ID and group ID. The 5th field holds the description of the user (New Student,,,). The last 2 fields are the user's home directory and shell.

Now let's try using sudo with the new user. First I'll change to the new user using su - username. Here I have logged in as a user I created called pearl. Let's try running a sudo command as this user:

sudo cat /etc/passwd

The output says that our new user pearl is not in the sudoers file, so it does not have sudo access. Let's log back in as the user with sudo access and fix this error.

All users with sudo access are listed in the sudoers file, so let's read it with cat. We can see that root and sudo are listed and have access to everything; that's the reason why sudo can perform all root tasks.

Further down, the file directs us to another location, /etc/sudoers.d. What this means is that the system is telling this file to also read whatever we have in the /etc/sudoers.d directory and include it as though it were written directly here. This is good practice: since distribution updates could overwrite our sudoers file, keeping our own entries separate eliminates the risk of losing our users.

In Linux you can give sudo access by creating another file inside your /etc/sudoers.d folder. I'm running a Debian distro, though it might work on all Linux distributions. Let's give sudo access to a new user. Open the sudoers file again using nano:

sudo nano /etc/sudoers

Copy the line containing root, paste it on another line, replace root with the new username, and save. Now let's try using sudo with the new user. First I'll change to the new user using

su - username

then

sudo cat /etc/passwd

This time you will see that the content of the /etc/passwd file is listed, because the new user has been given sudo access.
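The drop-in approach mentioned above, as an added example that is not part of the original article: it writes the rule to its own file under /etc/sudoers.d and installs it only after visudo has checked the syntax. The function name grant_sudo, the VISUDO variable and the optional directory argument are assumptions made for this sketch, and the rule mirrors the Debian default root line.

```shell
#!/bin/sh
# Added example: grant sudo through a drop-in file under /etc/sudoers.d.
# VISUDO and the directory argument are hypothetical knobs for this sketch.
VISUDO=${VISUDO:-visudo}

grant_sudo() {
    user=$1
    dir=${2:-/etc/sudoers.d}

    # sudo skips drop-in files whose names contain "." or end in "~",
    # so only accept names that are safe to use as the file name.
    case "$user" in
        ''|*[!a-z0-9_-]*|[!a-z_]*)
            echo "refusing unsafe user name: $user" >&2
            return 1 ;;
    esac

    tmp=$(mktemp) || return 1
    # Same rule as the root line the article copies, for this user.
    printf '%s ALL=(ALL:ALL) ALL\n' "$user" > "$tmp"

    # Syntax-check the candidate file before it goes live.
    if ! "$VISUDO" -cf "$tmp" >/dev/null; then
        echo "visudo rejected the rule; nothing installed" >&2
        rm -f "$tmp"
        return 1
    fi

    # sudoers files should be mode 0440 (read-only for owner and group).
    rc=0
    install -m 0440 "$tmp" "$dir/$user" || rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage (as root): grant_sudo pearl
```

A rule that fails the visudo check is never installed, which avoids the lockout that a syntax error in a live sudoers file can cause.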

Server Login

You can log in to your server as your new user using ssh.

ssh is an application used to connect remotely to the server. 127.0.0.1 is the IP address we want to connect to; this IP address generally represents localhost, that is, the same machine you are sitting at. pearl@127.0.0.1 says to connect as the user pearl to this IP address. -p 2222 is the port we want to connect to. It will ask for the password you entered while creating the user. One way to secure our server is by forcing the user to reset their password when they log in:

sudo passwd -e student

This command expires the user's password. When you then type any other command, it asks you to change your password; if you try using the same command, you get "password unchanged".

Summary

We now know how to create a new user on Linux and give it sudo access, the roles of /etc/passwd and /etc/sudoers.d, and how to expire a user's password.