WARNING Create a snapshot before doing any changes!!!
Example new user data:
- Username: exampleuser
- Password: examplepassword
- Home: /home/exampleuser/
- IP: exa.mp.le.ip
adduser exampleuser
creates:
Adding user `exampleuser' ...
Adding new group `exampleuser' (1000) ...
Adding new user `exampleuser' (1000) with group `exampleuser' ...
Creating home directory `/home/exampleuser' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for exampleuser
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y
Type y to accept.
usermod -aG sudo exampleuser
cp -p /etc/sudoers /etc/sudoers.ORIG
WARNING Use visudo and not nano. Nano will make the server fail!!!
visudo -f /etc/sudoers
change:
# Cmnd alias specification
to:
# Cmnd alias specification
Cmnd_Alias DISABLE_SU = /bin/su
change:
%sudo ALL=(ALL:ALL) ALL
to:
%sudo ALL=(ALL:ALL) ALL, !DISABLE_SU
WARNING Use vim and not nano. Nano will make the server fail!!!
vim /etc/ssh/sshd_config
change:
PasswordAuthentication no
to:
PasswordAuthentication yes
sudo systemctl restart sshd
Test sudo su to see if you receive an error message should the user attempt to elevate their priveliges.
sudo su
Should receive:
Sorry, user exampleuser is not allowed to execute '/usr/bin/su' as root on exampledomain.com.