How to Create a Sudo User in Debian 10

Create a sudo user in Debian 10

There are many reasons why you may prefer to create a sudo user in your Debian system as an alternative to the root user for your cloud VPS or bare metal server hosting. For initial installation and system configuration, and depending on your comfort level, using the root user is a quick and easy way to get up and running. However, for day to day usage and maintenance of your system it is considered a best practice to have a sudo user available and disallow root access. This is also recommended for security purposes. In this article, you will learn how to create a sudo user in your Debian 10 system and how to disallow root access going forward.

If you don’t need cPanel, don't pay for it. Only pay for what you need with our scalable Cloud VPS Hosting.

check markCentOS, Debian, or Ubuntu check markNo Bloatware check markSSH and Root Access

Reasons For Creating a Sudo User?

As mentioned above, there are many reasons for creating a sudo user, but most significantly, creating a sudo user:

  • Makes your system more secure
  • Makes user-specific actions easier to accomplish
  • Mitigates catastrophic user errors
  • Allows your user to run root-level commands as needed, prepended with sudo
sudo <command>

Add a Sudo User to Your Debian System

With the following commands you will effectively create a new sudo user on your system and be able to switch into that user.

First, log into your system with the default root user. In order to accomplish this, you will have already added an SSH key to your server via the Account Management Panel. Be sure to replace “example.com” with your primary domain or dedicated IP address:

ssh [email protected]

Once you are logged into the server, you can begin by creating the new user account with the adduser command:

adduser <user>

You will be prompted with several form fields. You can fill these out or optionally skip through them using your Enter key. However, you must create a strong password for the user. (Even though you will later be using SSH to log into the server, it is still good practice to create this strong password.)

Next, it’s time to grant “sudo” privileges to the user, for which you can run the following command:

usermod -aG sudo <user>

Now you have successfully created a new user on your Debian system with sudo privileges. You are now able to switch from your root user to the new user using the su command:

su <user>

How to Log Into Sudo User With SSH Key

Remember, even if you disallow root login, you can always assume the root user using the su command above.

To configure your new user for instant login via SSH, you must simply edit the SSH configuration file to

  1. Allow sudo users to log in with a key
  2. (Optionally) disable root login via SSH (most secure)

You can use any text editor to edit the SSH configuration file, but for the examples that follows the nano text editor will be used:

sudo nano /etc/ssh/sshd_config

Change the following line:

- AllowGroups wheel root

To allow to sudo users:

+ AllowGroups wheel root sudo

Change the “PermitRootLogin” line from “without-password” to a value of “no”.

- PermitRootLogin without-password
+ PermitRootLogin no

Use the cd command to chagne into your home directory:

cd

Make a directory called “.ssh”:

mkdir .ssh

Change into the “.ssh” directory:

cd .ssh

Create a file called “authorized_keys” and paste your local SSH public key into the file:

nano authorized_keys

Change permissions of this file to 600:

chmod 600 authorized_keys

Changing back to home directory, it’s also a good idea to change permissions of the “.ssh” directory to 700:

chmod 700 ~/.ssh

Now, you can go ahead and restart the SSH service:

sudo service ssh restart

If you have completed all of these steps you can now log directly into your server with the sudo user from your local machine:

ssh <user>@example.com

Well done! You now have a sudo user you can use to administer your Debian server without the security hazards of a dangling root user. If you have any comments or questions about this procedure please drop them below.

Reach your users with a VPS server in USA.

CM
Christopher Maiorana Content Writer II

Christopher Maiorana joined the InMotion community team in 2015 and regularly dispenses tips and tricks in the Support Center, Community Q&A, and the InMotion Hosting Blog.

More Articles by Christopher

Was this article helpful? Join the conversation!

Questions about our MailChannels Deployment? We have answers and are here to help!Learn More
+