Create multiple sudo users to EC2 Amazon Linux

 

Let’s say if an organization of 5 people going to access same server and sharing the same private key / password between users is not a good idea.

This post helps you to create multiple users / accounts and generating private key for each user.

Each Linux instance type launches with a default Linux system user account. Default users for following amazon instances are as follows.

Instance Type User
Amazon Linux ec2-user
RHEL5 root or ec2-user
Ubuntu ubuntu
Fedora fedora or ec2-user
SUSE Linux root or ec2-user

If ec2-user and root don’t work, check with your AMI provider.

Two Basic operations are needed perform to get this job done:

1) To add a new user to the system:

Use adduser command and the name of the user you wish to create.
[ec2-user@ip-xxx-xx-xx-xxx ~]$ sudo adduser newuser

Above command adds the newuser account to the system (with an entry in the file /etc/passwd file), creates a newuser group , and creates a home directory for the account in /home/newuser

2) Remote access to newuser:

  1. Switch to the new account so that newly created files have the proper ownership.
  2. [ec2-user@ip-xxx-xx-xx-xxx ~]$ sudo su – newuser

  3. Create a .ssh directory for the authorized_keys file.
  4. [newuser@ip- xxx-xx-xx-xxx ~]$ mkdir .ssh

  5. Change the file permissions of the .ssh directory to 700 (this means only the file owner can read, write, or open the directory).
  6. [newuser@ip- xxx-xx-xx-xxx ~]$ chmod 700 .ssh

  7. Create a file named “authorized_keys” in the .ssh directory.
  8. [newuser@ip- xxx-xx-xx-xxx ~]$ touch .ssh/authorized_keys

  9. Change the file permissions of the authorized_keys file to 600 (this means only the file owner can read or write to the file).
  10. [newuser@ip- xxx-xx-xx-xxx ~]$ chmod 600 .ssh/authorized_keys

  11. Edit the authorized_keys file and place public/private key which is generated

 
public/private key can be created via PuTTY Key Generator.

At this level, you should now be able to login into the same Ec2 Instance with new user without any sudo permission’s.

Assigning sudo permission’s to newuser

  1. Login as ec2-user and switch to root
  2. [ec2-user@ip-XXX-XX-XX-XXX ~]$ sudo su
  3. Add “newuser” to sudoers list by
  4. [root@ip-XXX-XX-XX-XXX ec2-user]# visudo
  5. And add this to the last line
  6. newuser ALL=(ALL)NOPASSWD:ALL

Leave a Reply