Setting up a new user in Ubuntu from scratch

Adding new users to Ubuntu is easy because of the convenience tools that exist.

Start with the command

sudo useradd -d /home/testuser -m testuser

This creates the user and sets up a default home directory. The user doesn't have a password, but you could add one with passwd if you wanted to.

Then create a directory .ssh in their home directory. Create a file called authorized_keys in the directory and copy in contents of the users public key into it.

Chown the .ssh directory (and file) to the user and chmod the file to 600. The directory should be mode 700.

Make sure that /etc/sshd_config is set up to deny logging in by password.

If you want to set up their bash profile you can copy the ".profile" and ".bashrc" files to their home directory. Remember to edit /etc/passwd and set their shell to bash.

The user should be able to login using their public key by setting up their .ssh/config on their home machine.

Host foo
HostName server.ip.address
User testuser
IdentityFile ~/.ssh/id_rsa

If you want to set them up with your custom bash stuff then remember to copy the files into their home directory and chown them. You will need to change their shell to bash by editing /etc/passwd

If you want them to have administrative privilege on the machine you need to add them to the "sudo" group with this command : usermod -aG sudo username. Because you've disabled password access to the machine you'll need to add a new config file in /etc/sudoers.d that allows them to sudo without a password. It will need to have a line like this: testuser ALL=(ALL) NOPASSWD:ALL

If you're feeling lazy you might want to use a script. I've created one and shared it below, but I strongly suggest that you rather write your own and don't use mine for anything other than an idea. I'm not guaranteeing that it works or even that it's particularly useful.

Comments

Separating business logic from persistence layer in Laravel

There are several reasons to separate business logic from your persistence layer. Perhaps the biggest advantage is that the parts of your application which are unique are not coupled to how data are persisted. This makes the code easier to port and maintain. I'm going to use Doctrine to replace the Eloquent ORM in Laravel. A thorough comparison of the patterns is available here . By using Doctrine I am also hoping to mitigate the risk of a major version upgrade on the underlying framework. It can be expected for the ORM to change between major versions of a framework and upgrading to a new release can be quite costly. Another advantage to this approach is to limit the access that objects have to the database. Unless a developer is aware of the business rules in place on an Eloquent model there is a chance they will mistakenly ignore them by calling the ActiveRecord save method directly. I'm not implementing the repository pattern in all its glory in this demo.

Fixing puppet "Exiting; no certificate found and waitforcert is disabled" error

While debugging and setting up Puppet I am still running the agent and master from CLI in --no-daemonize mode. I kept getting an error on my agent - ""Exiting; no certificate found and waitforcert is disabled". The fix was quite simple and a little embarrassing. Firstly I forgot to run my puppet master with root privileges which meant that it was unable to write incoming certificate requests to disk. That's the embarrassing part and after I looked at my shell prompt and noticed this issue fixing it was quite simple. Firstly I got the puppet ssl path by running the command puppet agent --configprint ssldir Then I removed that directory so that my agent no longer had any certificates or requests. On my master side I cleaned the old certificate by running puppet cert clean --all (this would remove all my agent certificates but for now I have just the one so its quicker than tagging it). I started my agent up with the command puppet agent --test whi

Redirecting non-www urls to www and http to https in Nginx web server

Image: Pixabay Although I'm currently playing with Elixir and its HTTP servers like Cowboy at the moment Nginx is still my go-to server for production PHP. If you haven't already swapped your web-server from Apache then you really should consider installing Nginx on a test server and running some stress tests on it. I wrote about stress testing in my book on scaling PHP . Redirecting non-www traffic to www in nginx is best accomplished by using the "return" verb. You could use a rewrite but the Nginx manual suggests that a return is better in the section on " Taxing Rewrites ". Server blocks are cheap in Nginx and I find it's simplest to have two redirects for the person who arrives on the non-secure non-canonical form of my link. I wouldn't expect many people to reach this link because obviously every link that I create will be properly formatted so being redirected twice will only affect a small minority of people. Anyway, here's

Adventures in IT

Search This Blog