sudo adduser [username] with username in the form [last][first], and a temporary password, fill in Full Name field and Other field with team rolesudo passwd -e [username]sudo usermod -aG docker [username] if they need docker accesssudo usermod -aG sudo [username] if they need sudo access. Use this one sparingly!sudo deluser --remove-home [username]Instead of having one monolithic account, we’ve moved to accounts for individuals for security purposes. The spacesys account will still be available, but only locally.
To create a new user:
sudo adduser [username]
Following in the style of VPN credentials, usernames should be in the form of [lastname][firstname], i.e. smithjohn.
At creation, give the new user an easy to remember password. However, to work towards zero-trust, use the command sudo passwd -e [username] to force a password change on first login.
The user will be automatically added to a number of default groups, which can be viewed by running groups [username]. However, there are some ✨special✨ groups that can be added on an as-needed basis. They can be added using usermod -aG [groupname] [username].
| Group | Purpose |
|---|---|
docker |
Gives access to docker commands and full access to /srv/dockerfiles |
sudo |
The keys to the castle. The top dog. The highest level of privilege that one can have. Well, on this server at least. Use sparingly and only when specifically needed. |
license |
(eventually) the group to do all the license server stuff |
mkdir [dir]. We typically save shared directories in /srv/.chown :[group] [dir]