Terug naar Documentatie01
Create a new user
bash
# Create user with home directory
sudo useradd -m -s /bin/bash username
# Set password
sudo passwd username
# All in one (Debian/Ubuntu: more interactive)
sudo adduser username
Verify the user was created:
bash
id username
cat /etc/passwd | grep username
02
Give sudo access (administrative privileges)
bash
# Add to sudo group (Ubuntu/Debian)
sudo usermod -aG sudo username
# Add to wheel group (CentOS/AlmaLinux/RHEL)
sudo usermod -aG wheel username
# Verify groups
groups username
For sudo without password (e.g. for automated scripts):
bash
echo "username ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/username
03
SSH access for the new user
With password
The user can already connect via SSH with their password (if PasswordAuthentication yes in sshd_config).
With SSH key
bash
# Create .ssh directory for new user
sudo mkdir -p /home/username/.ssh
sudo chmod 700 /home/username/.ssh
# Add the user's public key
sudo nano /home/username/.ssh/authorized_keys
# Paste the public key (e.g. content of id_rsa.pub)
# Set correct permissions
sudo chmod 600 /home/username/.ssh/authorized_keys
sudo chown -R username:username /home/username/.ssh
04
Create an SFTP-only user (without SSH)
Useful to give file access to collaborators without shell access:
bash
# Create user without shell
sudo useradd -m -s /usr/sbin/nologin sftpuser
sudo passwd sftpuser
# Create the directory the user will see
sudo mkdir -p /home/sftpuser/files
sudo chown sftpuser:sftpuser /home/sftpuser/files
# Configure SSH for SFTP chroot
sudo nano /etc/ssh/sshd_config
Add at the end of /etc/ssh/sshd_config:
Match User sftpuser
ForceCommand internal-sftp
ChrootDirectory /home/sftpuser
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
bash
# Home must be owned by root for chroot
sudo chown root:root /home/sftpuser
sudo chmod 755 /home/sftpuser
sudo systemctl restart ssh
05
Delete a user
bash
# Delete user (keep home)
sudo userdel username
# Delete user and their home
sudo userdel -r username
# Verify
id username # should say "no such user"
06
Change a user's shell
bash
# Change shell
sudo chsh -s /bin/bash username
sudo chsh -s /bin/zsh username
sudo chsh -s /usr/sbin/nologin username # disable login
# See available shells
cat /etc/shells
07
Lock / unlock an account
bash
# Lock (adds ! to password)
sudo usermod -L username
sudo passwd -l username
# Unlock
sudo usermod -U username
sudo passwd -u username
# Check status
sudo passwd -S username
# Output: username L ... (L = locked, P = password active)
08
List users and active sessions
bash
# All system users
cat /etc/passwd | cut -d: -f1
# Only users with home (humans, not system)
awk -F: '$3 >= 1000 && $3 < 65534 {print $1}' /etc/passwd
# Who is connected now
who
w
# Last accesses
last | head -20
# Last failed attempts
sudo lastb | head -20
09
Permissions on files and directories
bash
# Change owner
sudo chown username:username /path/file
# Change recursively
sudo chown -R www-data:www-data /var/www/html
# Standard permissions for web
sudo find /var/www/html -type f -exec chmod 644 {} \;
sudo find /var/www/html -type d -exec chmod 755 {} \;
Gerelateerde artikelen
Server Management
Server Reboot
How to properly restart your VPS or VDS, both via SSH and from the control panel
2 min lezen
Server Management
Resource Monitoring
How to check CPU, RAM, disk and network on your server in real time
2 min lezen
Server Management
Disk Management
How to check disk space, find large files and free up disk space
2 min lezen
DeluxHost, opgericht in 2023, biedt hoogwaardige hostingoplossingen voor diverse digitale behoeften. Wij bieden gedeelde hosting, VPS en dedicated servers met geavanceerde beveiliging en wereldwijde datacenters.
© DeluxHost, Alle rechten voorbehouden. | BTW-nummer: IT17734661006
