diff options
Diffstat (limited to 'ADMIN.md')
| -rw-r--r-- | ADMIN.md | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/ADMIN.md b/ADMIN.md new file mode 100644 index 0000000..9e3943a --- /dev/null +++ b/ADMIN.md @@ -0,0 +1,51 @@ +# Shell access administration + +Accounts can optionally be granted shell access. + + +## Shell + +Enable shell access like this: + + chsh -s /bin/bash $USER + +Disable shell access like this: + + chsh -s /bin/false $USER + + +### Remote + +Ensure that the account contains user contact info +(full name, email, and cellphone number). + +Request one or more ssh public keys from the user. + +Create folder ~$USER/.ssh: + + mkdir -p ~$USER/.ssh + chown $USER: ~$USER/.ssh + chmod u=rwX,go= ~$USER/.ssh + +Create the file ~$USER/.ssh/authorized_keys: + + touch ~$USER/.ssh/authorized_keys + chown $USER: ~$USER/.ssh/authorized_keys + chmod u=rw,go= ~$USER/.ssh/authorized_keys + +Add SSH key in ~$USER/.ssh/authorized_keys + +RFC4716-style keys e.g. from PuTTY can be converted like this: + + ssh-keygen -f $FILE -i + + +## Root + +Check that the user understands the responsibilities involved! + +Check again! + +Add account to group "sudo": + + adduser $USER sudo |