Ubuntu Linux setup basics

For username "foo":

$ adduser foo

$ passwd foo

$ sudo usermod -aG sudo foo

$ mkdir -p /home/foo/.ssh

$ cat the_public_key.pem >> /home/foo/.ssh/authorized_keys

$ chown -R foo:foo /home/foo/.ssh

$ chmod 700 /home/foo/.ssh

$ chmod 600 /home/foo/.ssh/authorized_keys

Disable default account:

$ usermod -s /usr/sbin/nologin default_username

Notes:

Not useradd.
Even when logging in with just SSH key, user must have a password. It will only be used for sudo commands.

Sources:

https://unix.stackexchange.com/questions/210228/add-a-user-without-password-but-with-ssh-and-public-key

Sudoers basics

Define text editor

$ sudo update-alternatives --config editor

Edit /etc/sudoers file

$ sudo visudo /etc/sudoers

Add a user to sudo group

$ sudo usermod -aG sudo username
or
$ sudo gpasswd -a username sudo

(but CentOS uses "wheel" group instead)

Default config for Ubuntu 22:

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

Remove login for default users:

$ usermod -s /usr/sbin/nologin username

Sources:

• https://www.sudo.ws/docs/man/1.8.17/sudoers.man
• https://www.digitalocean.com/community/tutorials/how-to-edit-the-sudoers-file#user-privilege-lines

view raw sudoers_cheat_sheet.md hosted with ❤ by GitHub