Create multiple sudo users on an EC2 Amazon Linux instance
Say an organization has 5 people who need to access the same server. Sharing one private key or password between all of them is not a good idea: nobody can be held accountable for an action, and revoking one person's access means rotating everyone's credentials.
This post shows how to create a separate user account for each person and generate a separate key pair for each user.
Each Linux instance type launches with a default Linux system user account. The default users for the following Amazon instances are:
| AMI        | Default user       |
|------------|--------------------|
| RHEL5      | root or ec2-user   |
| Fedora     | fedora or ec2-user |
| SUSE Linux | root or ec2-user   |
If ec2-user and root don’t work, check with your AMI provider.
Two basic operations are needed to get this job done:
1) Add a new user to the system:
Use the adduser command followed by the name of the user you wish to create.
[ec2-user@ip-xxx-xx-xx-xxx ~]$ sudo adduser newuser
The above command adds the newuser account to the system (with an entry in the /etc/passwd file), creates a newuser group, and creates a home directory for the account in /home/newuser.
2) Remote access for newuser:
- Switch to the new account so that the newly created files have the proper ownership.
- Create a .ssh directory for the authorized_keys file.
- Change the file permissions of the .ssh directory to 700 (this means only the file owner can read, write, or open the directory).
- Create a file named “authorized_keys” in the .ssh directory.
- Change the file permissions of the authorized_keys file to 600 (this means only the file owner can read or write the file).
- Edit the authorized_keys file and paste in the public key from the key pair generated for this user (the private key stays with the user and never goes on the server).
[ec2-user@ip-xxx-xx-xx-xxx ~]$ sudo su - newuser
[newuser@ip-xxx-xx-xx-xxx ~]$ mkdir .ssh
[newuser@ip-xxx-xx-xx-xxx ~]$ chmod 700 .ssh
[newuser@ip-xxx-xx-xx-xxx ~]$ touch .ssh/authorized_keys
[newuser@ip-xxx-xx-xx-xxx ~]$ chmod 600 .ssh/authorized_keys
The public/private key pair can be created with PuTTY Key Generator (PuTTYgen).
At this point you should be able to log in to the same EC2 instance as the new user, without any sudo permissions.
Assigning sudo permissions to newuser
- Log in as ec2-user and switch to root.
- Add “newuser” to the sudoers list by running visudo.
- Add the entry for newuser as the last line of the file.
[ec2-user@ip-XXX-XX-XX-XXX ~]$ sudo su
[root@ip-XXX-XX-XX-XXX ec2-user]# visudo
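The whole procedure above, scripted so it can be repeated for each of the 5 users, as an added example that is not part of the original post. It assumes a Linux host with GNU coreutils and a sudo that reads /etc/sudoers.d, and it uses a validated per-user drop-in file instead of editing /etc/sudoers in visudo by hand; the key line in the test is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU coreutils and
# sudo with /etc/sudoers.d enabled; adduser, chown and grant_sudo need root.
set -eu

# install_key HOME_DIR PUBKEY_LINE [OWNER]
# Creates .ssh (0700) and authorized_keys (0600), appends the public key
# once (idempotent), and chowns to OWNER when given (root only).
install_key() {
    home="$1"; pubkey="$2"; owner="${3:-}"
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    touch "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
    grep -qxF "$pubkey" "$home/.ssh/authorized_keys" \
        || printf '%s\n' "$pubkey" >> "$home/.ssh/authorized_keys"
    if [ -n "$owner" ]; then chown -R "$owner:$owner" "$home/.ssh"; fi
}

# check_key_perms HOME_DIR
# Returns 0 when .ssh is 0700 and authorized_keys is 0600. sshd (with
# StrictModes, the default) silently ignores keys in looser paths, which
# is the usual reason a freshly added user "cannot log in".
check_key_perms() {
    home="$1"
    [ "$(stat -c %a "$home/.ssh")" = "700" ] || return 1
    [ "$(stat -c %a "$home/.ssh/authorized_keys")" = "600" ] || return 1
}

# grant_sudo USER
# Writes a per-user drop-in and validates it with visudo -c before it is
# moved into place, so a typo cannot lock everyone out of sudo.
grant_sudo() {
    user="$1"; f="/etc/sudoers.d/$user"
    printf '%s ALL=(ALL) ALL\n' "$user" > "$f.tmp"
    chmod 440 "$f.tmp"
    visudo -cf "$f.tmp" || { rm -f "$f.tmp"; return 1; }
    mv "$f.tmp" "$f"
}

# add_ec2_user USER PUBKEY_LINE  (run as root): the full procedure.
add_ec2_user() {
    user="$1"; pubkey="$2"
    id "$user" >/dev/null 2>&1 || adduser "$user"
    install_key "/home/$user" "$pubkey" "$user"
    check_key_perms "/home/$user"
    grant_sudo "$user"
}
```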