Users (II)
Note: The user that installed the operating system is <adminuser>, and it can turn into root.
Create developer users
_$: addgroup develgroup
_$: for user in <developer 1> <developer 2> <developer N>
do
adduser $user
usermod $user -aG develgroup
done
_$: chmod o-rx /home/*
Create administrator users
_$: addgroup admingroup
_$: for user in <admin 1> <admin 2>
do
adduser $user
usermod $user -aG admingroup
done
_$: visudo
...
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
%admingroup ALL=(ALL) ALL
Create user and group for backups
_$: adduser backupuser
_$: addgroup backupgroup
_$: for user in <admin 1> <admin 2>
do
usermod $user -aG backupgroup
done
Disable login as root
/etc/ssh/sshd_config:
---------------------
...
# Authentication:
LoginGraceTime 120
PermitRootLogin no <===
StrictModes yes
Special users
Create user for git
_$: adduser gituser
_$: usermod gituser -aG develgroup
Create a user for automated operations
_$: adduser daemonuser
_$: visudo
...
# Allow daemonuser to synchronize things
daemonuser ALL= NOPASSWD: /usr/bin/rsync