Note: The user that installed the operating system is <adminuser>, and it can turn into root.

Create administrator users

_$: addgroup admingroup
_$: for user in <admin 1> <admin 2>
    adduser $user
    usermod $user -aG admingroup

_$: visudo
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
%admingroup ALL=(ALL) ALL

Disable login as root

# Authentication:
LoginGraceTime 120
PermitRootLogin no      <===
StrictModes yes

Other users

For every web application that we deploy to this server we will create a user and a group with its name.

After that, we will also create an SSH key for that user and copy it to the devops server.

Example: Create user and group for project webapp

(root@web)_$: adduser  webapp
(root@web)_$: addgroup webapp
(root@web)_$: su - webapp
(webapp@web)_$: ssh-keygen -b 4096
(webapp@web)_$: ssh-copy-id -i .ssh/