How to Create New User Accounts with Restricted Access
Creating user accounts with restricted access on your dedicated server is a crucial step in managing security and ensuring that each user has only the permissions they need. This guide will walk you through the process of creating new user accounts with limited privileges, helping you maintain a secure and organised environment on your server.
Step 1: Log in to your server
Use SSH to connect to your dedicated server. You’ll need root access or a user account with administrative privileges to create new users.
- Open your terminal or SSH client.
- Run the command:
ssh root@your-server-ip
Step 2: Create a new user account
Once connected to your server, you can create a new user account using the adduser or useradd command.
- To create a new user, run:
adduser username
Replace username with the desired name for the new account.
- Set a password for the user:
passwd username
You’ll be prompted to enter and confirm a password.
Step 3: Assign restricted privileges
By default, the new user won’t have administrative rights. If this user doesn’t need access to administrative tasks, no additional configuration is needed.
If the user needs specific access (e.g., a directory or certain files), you can grant permissions by modifying their group membership or file permissions.
- Add the user to a specific group:
usermod -aG groupname username
Replace groupname with the desired group (e.g., developers or ftpusers).
- Adjust directory permissions:
chmod 750 /path/to/directory
chown username:groupname /path/to/directory
Step 4: Restrict shell access (optional)
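If the user doesn’t need command-line access, you can assign them a restricted shell such as /usr/sbin/nologin, which refuses interactive logins.
- Set a restricted shell for the user:
usermod -s /usr/sbin/nologin username
- Verify the shell restriction:
grep '^username:' /etc/passwd
The last field of the matching line should read /usr/sbin/nologin.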
Step 5: Set up SSH access (if needed)
If the user requires SSH access, consider configuring it with key-based authentication for added security.
- Create an .ssh directory for the user:
mkdir /home/username/.ssh
chmod 700 /home/username/.ssh
- Add the public key to the authorized_keys file:
nano /home/username/.ssh/authorized_keys
Paste the public key and save the file.
- Adjust permissions:
chmod 600 /home/username/.ssh/authorized_keys
chown -R username:username /home/username/.ssh
Step 6: Test the new user account
Switch to the new user to verify the configuration:
su - username
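Check that the user has the intended access and restricted privileges. If you set the shell to /usr/sbin/nologin in Step 4, the command exits without giving you a shell, which is the expected result.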
Step 7: Regularly review and manage user accounts
For ongoing security:
- Periodically review user accounts and permissions.
- Disable or remove unused accounts:
userdel username
- Keep your server updated to minimise vulnerabilities.
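One way to carry out the periodic review from Step 7 together with the shell check from Step 4 (an added example, not part of the original guide): the script lists regular accounts that still have an interactive shell and any non-root account with UID 0. The function names, the sample data and the UID threshold of 1000 (the default on many distributions) are assumptions.

```sh
#!/bin/sh
# Added example: review a passwd-format file for accounts that can still log in.
# The sample data below is constructed; on a real server pass /etc/passwd instead.

# list_login_users FILE
# Print "name:uid:shell" for every regular account (UID >= 1000, excluding
# the conventional "nobody" UID 65534) whose shell is not nologin or false.
# The 1000 threshold is an assumption; check UID_MIN in /etc/login.defs.
list_login_users() {
    awk -F: '
        $3 >= 1000 && $3 != 65534 &&
        $7 !~ /\/(nologin|false)$/ { print $1 ":" $3 ":" $7 }
    ' "$1"
}

# list_extra_uid0 FILE
# Print the names of accounts other than root that have UID 0,
# i.e. accounts with full administrative rights under another name.
list_extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Constructed sample in /etc/passwd format.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
ftpuser:x:1001:1001::/home/ftpuser:/usr/sbin/nologin
toor:x:0:0::/root:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
EOF

echo "Accounts with an interactive shell:"
list_login_users "$sample"
echo "Non-root accounts with UID 0:"
list_extra_uid0 "$sample"
```

Any account in the first list that does not need command-line access is a candidate for Step 4; any name in the second list should be investigated before anything else.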
By following these steps, you can effectively create user accounts with restricted access on your dedicated server. This not only enhances security but also ensures that users can only access what’s necessary for their tasks. Managing permissions properly will help you maintain a robust and secure server environment.