It is not user documentation and should not be treated as such.
Documentation is available here.
Adding a new system administrator to a host
Here are the general steps for adding a new system administrator with ‘sudo’ access to a host.
Modify these steps for giving specific ‘sudo’ access, such as to backups, restarting web services, etc. when the team is ready to sub-divide admin tasks.
- Switch to the root user or use ‘sudo’ (preferable):
su - ## Or do all this with sudo, preferably
- Add the new user to the system:
- If the system uses e.g. the wheel group for sudo permissions, add the user to the appropriate group for sudo permission:
usermod -a -G wheel foo
- Create the user’s password to activate the account; the user will not use this password to login, but they need it for ‘sudo’:
- Create the user’s SSH config directory:
- Change ownership of the user’s SSH config directory:
chown foo:foo /home/foo/.ssh
- Change directory permissions to read/write/execute for the user only:
chmod 700 /home/foo/.ssh
- Either paste the ‘id_rsa.pub’ contents into ‘authorized_keys’ or …
vi /home/foo/.ssh/authorized_keys
## Then paste the id_rsa.pub contents in to the 'authorized_keys' file
##
## Or if no file exists ...
- … copy the ‘id_rsa.pub’ file into the directory under the new name ‘authorized_keys’:
cp /tmp/foo-id_rsa.pub /home/foo/.ssh/authorized_keys
- Change the file’s ownership to the new user:
chown foo:foo /home/foo/.ssh/authorized_keys
- Confirm the file’s permissions are read/write for the user, read for everyone else, by changing them:
chmod 644 /home/foo/.ssh/authorized_keys
- Add the user to the ‘sudoers’ file:
visudo
## Add the following stanza for 'foo' below the one for 'root':
#* Allow root to run any commands anywhere
root ALL=(ALL) ALL
foo ALL=(ALL) ALL
- The final permissions:
ls /home/foo/.ssh/ -hal
total 12K
drwx------ 2 foo foo 4.0K Dec 3 19:38 .
drwx------ 3 foo foo 4.0K Dec 3 19:34 ..              ## ~/.ssh is correct
-rw-r--r-- 1 foo foo 604 Dec 3 19:33 authorized_keys ## authorized_keys file is correct
Here are the final commands as run:
useradd foo
passwd foo
## If using the wheel group use the following command:
usermod -a -G wheel foo
mkdir /home/foo/.ssh
chown foo:foo /home/foo/.ssh
chmod 700 /home/foo/.ssh
## One of the following two methods for creating the authorized_keys file
vi /home/foo/.ssh/authorized_keys
cp /tmp/foo-id_rsa.pub /home/foo/.ssh/authorized_keys
chown foo:foo /home/foo/.ssh/authorized_keys
chmod 644 /home/foo/.ssh/authorized_keys
## If not using the wheel group, add directly to sudoers file with the following command:
visudo
ls -hal /home/foo/.ssh
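The ownership and permission checks from "The final permissions" step can be scripted instead of read by eye from the `ls` output. The following is an added example, not part of the original SOP; it assumes GNU coreutils `stat` on Linux, and `check_ssh_setup` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: audits the end state of the SOP above.
# Assumptions: GNU coreutils `stat` (Linux); check_ssh_setup is a hypothetical name.
#
# Usage: check_ssh_setup /home/foo/.ssh foo
# Prints one line per problem; returns 0 only when nothing was found.
check_ssh_setup() {
    dir=$1; owner=$2; rc=0
    keys="$dir/authorized_keys"

    # A symlinked ~/.ssh could point at a location someone else controls.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL: $dir is missing or is a symlink"; return 1
    fi
    # SOP: chown foo:foo and chmod 700 on the directory.
    [ "$(stat -c '%U' "$dir")" = "$owner" ] || { echo "FAIL: $dir is not owned by $owner"; rc=1; }
    [ "$(stat -c '%a' "$dir")" = "700" ] || { echo "FAIL: $dir mode is not 700"; rc=1; }

    if [ -L "$keys" ] || [ ! -f "$keys" ]; then
        echo "FAIL: $keys is missing or is not a regular file"; return 1
    fi
    [ "$(stat -c '%U' "$keys")" = "$owner" ] || { echo "FAIL: $keys is not owned by $owner"; rc=1; }

    # SOP sets 644. Stricter modes such as 600 also pass; what must never
    # happen is group or other write access, which would let another account
    # add its own key (sshd's default StrictModes rejects such files).
    mode=$(stat -c '%a' "$keys")
    case "$mode" in
        *[2367]?|*[2367]) echo "FAIL: $keys mode $mode is group/other writable"; rc=1 ;;
    esac

    # A file with no key lines means the paste or copy step did not take.
    if ! grep -qvE '^[[:space:]]*(#|$)' "$keys"; then
        echo "FAIL: $keys contains no key entries"; rc=1
    fi
    return $rc
}
```

After editing with `visudo`, running `visudo -c` checks the sudoers syntax without opening the editor.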