## User Setup
### Adding a User
Once you've found a suitable server you'll need to login to it and manage it from the command line. Usually you will be given root access (this means a root user exists on the server, with no restrictions) initially and it's up to you to secure the server with best practices. For any public facing server it is recommended that you setup a new user and disable log in using the root user.
$ adduser <example>### Adding a User to a Group
You will be asked to set a password for this user, as well as some optional questions. Now, we want to allow this user to use sudo commands, which means they will temporarily be given administritive privileges. So we add the new user to the sudo group:
$ adduser <example> sudoThat looks remarkably like the last command! Yes, the adduser command is a kind of combination of various commands, it actually uses gpasswd to add the user to the group. You do need to create the user first and then add to the group. Using gpasswd it would look like this:
# -a for add, you can remove a user from a group with -d instead
$ gpasswd -a <user> <group>Now that your user can issue commands using sudo, it means you should be able to do most tasks without being logged in as the root user. In any case, it's unnecessary and a security issue to login directly via SSH to the root user account, so we will disable that functionality.
A tip here is to also setup a second shell in case you mess up and can't log back in!
We need to edit this file /etc/ssh/sshd_config, which is just a configuration file for the ssh protocol.
I've chosen
nanoas the text editor as it is the easiest to grasp for beginners. Personally, I would recommend learningvimif you are going to be working in the terminal a lot, as it has very powerful text editing features.
$ nano /etc/ssh/sshd_configBut wait! If you try to edit this file, it will not save as we do not have write access (check the bottom of the file, it should say something like Warning: No write permission). If you list the files in the directory (ls -la /etc/ssh/) you will see something like this:
..
-rw-r--r-- 1 root root 2527 Jan 15 12:40 sshd_config`
..
So this means that the root user owns the configuration file. We need to use our new sudo power! A quick tip is that you can issue the previous command with !!. So sudo !!, will actually run:
TODO: If you're not familiar with file permissions, users, and groups
$ sudo nano /etc/ssh/sshd_configHmmm, it appears the user doesn't have sudo access after all, what gives? You need to logout and log back in for any group change to take effect.
Now, look for the line PermitRootLogin yes and switch it to PermitRootLogin no. In nano you can search using CTRL+W, type the search and hit enter. The cursor will jump to the line of the first occurrence.
Save the file and exit - CTRL+X then y for yes.
$ sudo apt-get update
$ sudo apt-get apache2"Could not reliably determine the server's fully qualified domain name"
This is an harmless error, but if you want it gone then you need to declare the server name globally:
// Create a new configuration file with the ServerName variable set to 'localhost'
$ echo "ServerName localhost" | sudo tee /etc/apache2/conf-available/servername.conf
// Enable this new configuration file, note that the name is that of the file without extension
$ sudo a2enmod servername
// Reload apache
$ sudo service apache2 reload