X-Git-Url: https://git.josue.xyz/?a=blobdiff_plain;f=ssh-adduser%2FREADME.md;h=06b282a19328827e5d4bd228459d4d46bd65b99d;hb=31e780afa641bb0b67b8f48e873c53273ea50462;hp=8a27a1016c5c48d76da71691d7948d9106e7c954;hpb=ace876458ef3f28922da6803a22278e0c7ed17ad;p=webi-installers%2F.git diff --git a/ssh-adduser/README.md b/ssh-adduser/README.md index 8a27a10..06b282a 100644 --- a/ssh-adduser/README.md +++ b/ssh-adduser/README.md @@ -4,24 +4,28 @@ homepage: https://webinstall.dev/ssh-adduser tagline: | SSH adduser: Because friends don't let friends login or run stuff as root linux: true -description: | - Many modern web programs (`npm` and `postgres`, for example) will not function correctly if run as root. +--- - `ssh-adduser` will +## Cheat Sheet - 1. add the user `me` - 2. set a random, 32-character password (as a failsafe) - 3. copy the `root` user's **`~/.ssh/authorized_keys`** (so the same users can still login) - 4. give the `me` user `sudo` (admin) privileges - 5. allow `me` to `sudo` without a password ---- +> Many modern web programs (`npm` and `postgres`, for example) will not function +> correctly if run as root. + +`ssh-adduser` will + +1. add the user `app` +2. set a random, 32-character password (as a failsafe) +3. copy the `root` user's **`~/.ssh/authorized_keys`** (so the same users can + still login) +4. give the `app` user `sudo` (admin) privileges +5. allow `app` to `sudo` without a password -How to create a new user named 'me': +How to create a new user named 'app': ```bash # --disable-password prevents a password prompt # --gecos "" skips the useless questions -adduser --disabled-password --gecos "" me +adduser --disabled-password --gecos "" app ``` How to create a and set a random password: @@ -30,30 +34,30 @@ How to create a and set a random password: # sets 'my_password' to 32 random hex characters (16 bytes) my_password=$(openssl rand -hex 16) -# uses 'my_password' for to reset and confirm 'me's password -printf "$my_password"'\n'"$my_password" | passwd me +# uses 'my_password' for to reset and confirm 'app's password +printf "$my_password"'\n'"$my_password" | passwd app ``` -How to make the user 'me' a "sudo"er (an admin): +How to make the user 'app' a "sudo"er (an admin): ```bash -adduser me sudo +adduser app sudo ``` -How to allow 'me' to run sudo commands without a password: +How to allow 'app' to run sudo commands without a password: ```bash -echo "me ALL=(ALL:ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/me +echo "app ALL=(ALL:ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/app ``` How to copy allowed keys from root to the new user: ```bash -mkdir -p /home/me/.ssh/ -chmod 0700 /home/me/.ssh/ +mkdir -p /home/app/.ssh/ +chmod 0700 /home/app/.ssh/ -cat "$HOME/.ssh/authorized_keys" >> /home/me/.ssh/authorized_keys -chmod 0600 /home/me/.ssh/authorized_keys +cat "$HOME/.ssh/authorized_keys" >> /home/app/.ssh/authorized_keys +chmod 0600 /home/app/.ssh/authorized_keys -chown -R me:me /home/me/.ssh/ +chown -R app:app /home/app/.ssh/ ```