Create multiple sudo users to EC2 Amazon Linux

Let's say an organization of 5 people is going to access the same server. Sharing one private key or password between all of them is not a good idea: nobody can tell afterwards who did what, and when one person leaves the key has to be rotated for everyone.

This post helps you create a separate account for each user, each with its own SSH key pair.

Each Linux AMI launches with a default system user account. The default user for common Amazon AMIs is:

AMI             Default user
Amazon Linux    ec2-user
RHEL5           root or ec2-user
Ubuntu          ubuntu
Fedora          fedora or ec2-user
SUSE Linux      root or ec2-user

If ec2-user and root don’t work, check with your AMI provider.

Two basic operations are needed to get this job done:

1) To add a new user to the system:

Use adduser command and the name of the user you wish to create.
[ec2-user@ip-xxx-xx-xx-xxx ~]$ sudo adduser newuser

The command above adds the newuser account to the system (with an entry in /etc/passwd), creates a newuser group, and creates a home directory for the account at /home/newuser. The account has no password, so it cannot log in until a public key is installed for it below.

2) Remote access for newuser:

  1. Switch to the new account so that newly created files have the proper ownership.
     [ec2-user@ip-xxx-xx-xx-xxx ~]$ sudo su - newuser

  2. Create a .ssh directory for the authorized_keys file.
     [newuser@ip-xxx-xx-xx-xxx ~]$ mkdir .ssh

  3. Change the permissions of the .ssh directory to 700 (only the owner can read, write, or open the directory).
     [newuser@ip-xxx-xx-xx-xxx ~]$ chmod 700 .ssh

  4. Create a file named authorized_keys in the .ssh directory.
     [newuser@ip-xxx-xx-xx-xxx ~]$ touch .ssh/authorized_keys

  5. Change the permissions of the authorized_keys file to 600 (only the owner can read or write the file).
     [newuser@ip-xxx-xx-xx-xxx ~]$ chmod 600 .ssh/authorized_keys

  6. Edit the authorized_keys file and paste in the user's public key: a single line that starts with the key type (ssh-rsa, ssh-ed25519, ...) followed by the base64 key. Only the public key goes on the server. The private key stays with the user and is never copied to the instance; anyone holding it can log in as newuser.

The permissions in steps 3 and 5 are not cosmetic: sshd refuses to use an authorized_keys file, or a .ssh directory, that other users could write to, so a too-permissive mode shows up as a key that silently does not work.

The key pair is generated by the user, with PuTTY Key Generator (PuTTYgen) on Windows or ssh-keygen on Linux and macOS. With PuTTYgen, copy the OpenSSH-format public key shown in the "Public key for pasting into OpenSSH authorized_keys file" box, not the contents of the saved .ppk file, which is in PuTTY's own format and also contains the private key.

At this point you should be able to log in to the same EC2 instance as newuser, without any sudo permissions.

Assigning sudo permissions to newuser

  1. Log in as ec2-user and open the sudoers file with visudo, which checks the syntax before saving (never edit /etc/sudoers with a plain editor):
     [ec2-user@ip-XXX-XX-XX-XXX ~]$ sudo visudo
  2. Add this as the last line:
     newuser ALL=(ALL) NOPASSWD:ALL

Be clear about what this grants: newuser can run any command as root without being asked for a password, the same grant the default ec2-user has. Because the account created with adduser has no password, NOPASSWD is what makes sudo usable at all; if you want a password prompt before root actions, set one with sudo passwd newuser and drop NOPASSWD: from the rule. A syntax error in /etc/sudoers locks everyone out of sudo, which is why the edit goes through visudo. On systems whose sudoers contains #includedir /etc/sudoers.d (Amazon Linux does), a per-user file in that directory with mode 0440 is easier to audit and to remove when the person leaves than a line in the main file.
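The whole procedure above (create the account, install its public key with the right permissions, grant sudo) as one script. This is an added example, not code from the original post: it assumes a host with adduser(8) and visudo(8), OpenSSH's ~/.ssh/authorized_keys layout, and a /etc/sudoers that includes /etc/sudoers.d (the Amazon Linux default); the script name add_ssh_user.sh and the function names are my own. The key check refuses anything that is not a single-line OpenSSH public key, which catches the common mistake of pasting the private key or a .ppk file.

```shell
#!/bin/sh
# add_ssh_user.sh: create a key-only login account and grant it sudo.
# Added example, not part of the original post. Assumes: adduser(8),
# visudo(8), OpenSSH's ~/.ssh/authorized_keys layout, and a /etc/sudoers
# that has "#includedir /etc/sudoers.d" (Amazon Linux does by default).
# Usage (as ec2-user):  sudo ./add_ssh_user.sh newuser "$(cat newuser.pub)"
set -eu

# Accept only a single-line OpenSSH public key ("<type> <base64> [comment]").
# A private key pasted by mistake starts with "-----BEGIN" and is refused,
# as is a PuTTY .ppk file, which is not in OpenSSH format.
validate_pubkey() {
    key_type=${1%% *}                 # first word
    rest=${1#* }                      # everything after the first space
    case "$key_type" in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 1 ;;
    esac
    [ "$rest" = "$1" ] && return 1    # no key material after the type
    blob=${rest%% *}
    case "$blob" in
        ""|*[!A-Za-z0-9+/=]*) return 1 ;;   # empty, or not base64
    esac
    return 0
}

# The sudoers rule as a single line: unrestricted root without a password,
# the same grant the default ec2-user has (the new account has no password,
# so a password-prompting rule would be unusable until one is set).
sudoers_rule() {
    printf '%s ALL=(ALL) NOPASSWD:ALL\n' "$1"
}

# Privileged part; must run as root.
create_key_user() {
    user=$1
    pubkey=$2
    validate_pubkey "$pubkey" || { echo "refusing: not an OpenSSH public key" >&2; return 1; }
    # On Debian/Ubuntu use: adduser --disabled-password --gecos '' "$user"
    adduser "$user"
    home=$(getent passwd "$user" | cut -d: -f6)
    # 700 on .ssh and 600 on authorized_keys: sshd ignores keys it finds in
    # a directory or file that other users could write to.
    install -d -m 700 -o "$user" -g "$user" "$home/.ssh"
    printf '%s\n' "$pubkey" > "$home/.ssh/authorized_keys"
    chown "$user:$user" "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
    # Per-user drop-in instead of editing /etc/sudoers, checked with
    # visudo -c before it is installed: a syntax error in sudoers locks
    # everyone out of sudo. sudoers.d skips file names containing a dot,
    # so user names with dots need a different file name.
    tmp=$(mktemp)
    sudoers_rule "$user" > "$tmp"
    visudo -cf "$tmp"
    install -m 440 -o root -g root "$tmp" "/etc/sudoers.d/$user"
    rm -f "$tmp"
}

# Only touch the system when called with both arguments.
if [ "$#" -eq 2 ]; then
    create_key_user "$1" "$2"
fi
```

Run it once per person with that person's own public key; removing access later is userdel plus deleting /etc/sudoers.d/<name>, with no shared key to rotate.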

Installation Guide of RabbitVCS in Ubuntu

If you are familiar with TortoiseSVN on Windows, RabbitVCS is the equivalent of TortoiseSVN for Linux. You can install it from the Ubuntu Software Center, from a tar package, or from a PPA repository. My suggestion is the third option. Keep in mind that adding a PPA installs its signing key and lets it ship package updates to your machine, so only add PPAs whose maintainers you trust.

Prerequisite: python 2.7

You just have to follow these simple steps:

  1. Add the PPA repository:
     sudo add-apt-repository ppa:rabbitvcs/ppa
  2. Refresh the package index:
     sudo apt-get update
  3. Install the following packages:
     • rabbitvcs-cli
     • rabbitvcs-core
     • rabbitvcs-gedit
     • rabbitvcs-nautilus3

     sudo apt-get install rabbitvcs-cli rabbitvcs-core rabbitvcs-gedit rabbitvcs-nautilus3

Then restart Nautilus so it loads the extension:
killall nautilus

Check whether the RabbitVCS item appears in the context menu when you right-click any folder. If it does not, check that the libraries libpython2.7.so.1.0 and libpython2.7.so.1 are present in /usr/lib. If they are not, link them in with the commands below; they are usually in /usr/lib/x86_64-linux-gnu (64-bit) or /usr/lib/i386-linux-gnu (32-bit).
For instance: ln -s /usr/lib/x86_64-linux-gnu/libpython2.7.so.1 /usr/lib/
ln -s /usr/lib/x86_64-linux-gnu/libpython2.7.so.1.0 /usr/lib/
or
ln -s /usr/lib/i386-linux-gnu/libpython2.7.so.1 /usr/lib/
ln -s /usr/lib/i386-linux-gnu/libpython2.7.so.1.0 /usr/lib/
Then either restart your machine or kill Nautilus again with the command above.

Note: if the RabbitVCS item is still missing from the context menu, killing all Nautilus processes (killall nautilus) and letting it restart is usually enough.

FTP and FTPS in LINUX

vsftpd is a lightweight, stable, and fast FTP server for Linux, written with security in mind (the name stands for Very Secure FTP Daemon). It also supports virtual IPs, virtual users, bandwidth throttling, IPv6, and TLS encryption. Note that plain FTP still sends user names, passwords and file contents in clear text; the FTPS section below is what protects them.

This article provides step-by-step instructions to set up FTP Server on your LINUX machine:

STEP-1

Install vsftpd:

sudo apt-get install vsftpd

STEP-2

Edit the vsftpd configuration file, /etc/vsftpd.conf.

Set the following options (uncomment them if they are already present):

local_enable=YES (allow system users from /etc/passwd to log in)

write_enable=YES (allow uploads, deletes and renames)

anonymous_enable=YES (only if you actually want anonymous logins; leave it at NO otherwise. If you do enable it together with write_enable=YES, make sure anon_upload_enable and anon_mkdir_write_enable stay at their default NO, or anyone on the network can drop files on the server.)

STEP-3

Restart the vsftpd service:

sudo service vsftpd restart

Now you can reach your FTP server on port 21.

Test your set up:

ftp localhost

For more configuration details, and a description of every vsftpd configuration parameter, see the vsftpd.conf(5) man page:

http://manpages.ubuntu.com/manpages/precise/en/man5/vsftpd.conf.5.html

Change Default Port VSFTPD

The default vsftpd port is 21. To move it to another port, and to pin the passive-mode data ports to a known range so they can be allowed through a firewall, follow these steps:

Add following options to vsftpd.conf:

listen_port=YOUR_PORT
pasv_enable=YES
pasv_min_port=10090
pasv_max_port=10100

Allow inbound connections to the new control port and to the passive port range in the host firewall (these are incoming connections from clients, so they go in the INPUT chain). With iptables:

iptables -I INPUT -p tcp --destination-port YOUR_PORT -j ACCEPT
iptables -I INPUT -p tcp --destination-port 10090:10100 -j ACCEPT

iptables rules are not kept across a reboot unless you save them (iptables-save, or the iptables-persistent package on Ubuntu). If the server is behind a NAT or a cloud firewall, the same ports must be opened there too, and pasv_address should be set to the public IP.

Restart your vsftpd service after changing ports:

sudo service vsftpd restart

Enable SSL/TLS/FTPS

Add the following options to vsftpd.conf to enable FTPS (explicit TLS on the normal control port, negotiated by the client with AUTH TLS):

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

Keep ssl_sslv2 and ssl_sslv3 at NO (their default). Both protocol versions are broken, SSLv3 by the POODLE attack, and every current FTP client supports TLS, so enabling them only gives an attacker a downgrade target. The two force_local_* options make TLS mandatory for local users on both the control and the data connection, so a client that has not negotiated TLS cannot send a password in clear text. Newer vsftpd releases (3.0.3 and later) add ssl_tlsv1_1 and ssl_tlsv1_2 options, which let you switch off TLS 1.0 as well; check the vsftpd.conf(5) man page for the version you have.

vsftpd also needs a certificate and private key, named by rsa_cert_file and rsa_private_key_file. You do not have to create one just to get the service running on Ubuntu: the packaged vsftpd.conf points these options at the self-signed placeholder certificate from the ssl-cert package (ssl-cert-snakeoil.pem), which is installed automatically. Clients will warn that this certificate is untrusted and cannot tell your server from an impostor's, so for real use point rsa_cert_file and rsa_private_key_file at a certificate issued for the server's hostname.

Restart your vsftpd service:

sudo service vsftpd restart
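The weak settings that STEP-2 and this section warn about, checked mechanically rather than by eye. This is an added example, not code from the original post or from the vsftpd project: a small POSIX sh audit of a vsftpd.conf that reports anonymous logins, anonymous write access, missing TLS, SSLv2/SSLv3, TLS left optional for local users, and the Ubuntu placeholder certificate. The two sample configs are constructed for the example (the first combines the ssl_* options as they were originally listed here with anonymous uploads switched on; the second is the corrected set), the function names and message texts are mine, and the fallbacks it uses for options that are absent from the file are vsftpd's documented defaults (anonymous_enable=YES, write_enable=NO, ssl_enable=NO, ssl_sslv2/3=NO, force_local_*_ssl=YES).

```shell
#!/bin/sh
# audit_vsftpd.sh: flag weak settings in a vsftpd.conf.
# Added example, not from the original post or from vsftpd itself.
# Usage:  ./audit_vsftpd.sh            (runs against the two built-in samples)
#         . ./audit_vsftpd.sh; audit_vsftpd_conf /etc/vsftpd.conf
set -eu

# Effective value of one option. vsftpd requires "key=value" at the start of
# the line with no spaces; it applies lines in order, so the last one wins.
# Options absent from the file fall back to the documented default in $3.
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# One finding per line on stdout. HIGH: clear-text or broken crypto, or
# unauthenticated write access. WARN: worth a look.
audit_vsftpd_conf() {
    f=$1
    anon=$(conf_get "$f" anonymous_enable YES)      # vsftpd's built-in default is YES
    write=$(conf_get "$f" write_enable NO)
    anon_up=$(conf_get "$f" anon_upload_enable NO)
    anon_mk=$(conf_get "$f" anon_mkdir_write_enable NO)
    ssl=$(conf_get "$f" ssl_enable NO)
    cert=$(conf_get "$f" rsa_cert_file /usr/share/ssl/certs/vsftpd.pem)

    [ "$anon" = YES ] && echo "WARN anonymous_enable=YES: logins without credentials are allowed"
    if [ "$anon" = YES ] && [ "$write" = YES ] && { [ "$anon_up" = YES ] || [ "$anon_mk" = YES ]; }; then
        echo "HIGH anonymous users can upload files or create directories"
    fi
    if [ "$ssl" != YES ]; then
        echo "HIGH ssl_enable=NO: passwords and data cross the network in clear text"
        return 0                                    # the TLS checks below do not apply
    fi
    [ "$(conf_get "$f" ssl_sslv2 NO)" = YES ] && echo "HIGH ssl_sslv2=YES: SSLv2 is broken, set it to NO"
    [ "$(conf_get "$f" ssl_sslv3 NO)" = YES ] && echo "HIGH ssl_sslv3=YES: SSLv3 is broken (POODLE), set it to NO"
    [ "$(conf_get "$f" force_local_logins_ssl YES)" != YES ] && echo "WARN force_local_logins_ssl=NO: local users may log in without TLS"
    [ "$(conf_get "$f" force_local_data_ssl YES)" != YES ] && echo "WARN force_local_data_ssl=NO: transfers may run without TLS"
    case "$cert" in
        *snakeoil*) echo "WARN rsa_cert_file is the self-signed placeholder from the ssl-cert package; clients will not trust it" ;;
    esac
    return 0
}

# Number of findings as a plain integer (0 for a clean config).
audit_count() {
    audit_vsftpd_conf "$1" | awk 'END { print NR }'
}

# Constructed samples, not distribution defaults. The first combines the
# ssl_* options as originally listed on this page with anonymous uploads
# switched on; the second is the corrected set.
WEAK_CONF=$(mktemp)
SAFE_CONF=$(mktemp)
trap 'rm -f "$WEAK_CONF" "$SAFE_CONF"' EXIT
cat > "$WEAK_CONF" <<'EOF'
local_enable=YES
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
EOF
cat > "$SAFE_CONF" <<'EOF'
local_enable=YES
anonymous_enable=NO
write_enable=YES
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.key
EOF

echo "== as originally listed: $(audit_count "$WEAK_CONF") finding(s) =="
audit_vsftpd_conf "$WEAK_CONF"
echo "== corrected: $(audit_count "$SAFE_CONF") finding(s) =="
audit_vsftpd_conf "$SAFE_CONF"
```

The first sample yields five findings (anonymous logins, anonymous uploads, SSLv2, SSLv3, placeholder certificate) and the second none. Run audit_vsftpd_conf against your real /etc/vsftpd.conf after every change; a config that has ssl_enable=NO, as in STEP-2, is reported as clear text on purpose.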

 

 

Both FTP and FTPS using vsftpd

If you want to run plain FTP and FTPS at the same time, start two instances of vsftpd with separate configuration files:

1)      Copy /etc/vsftpd.conf to /etc/vsftpd-ssl.conf

2)      Edit /etc/vsftpd-ssl.conf for the FTPS server (the ssl_* options from the previous section). Two daemons cannot bind the same port, so give this instance its own listen_port (for example 990, the conventional port for implicit FTPS, together with implicit_ssl=YES; or any free port for explicit TLS) and its own pasv_min_port/pasv_max_port range that does not overlap the first instance's.

3)      Save it.

4)      Start the first vsftpd service (FTP): sudo service vsftpd start

5)      Start vsftpd for FTPS with the second config: sudo vsftpd /etc/vsftpd-ssl.conf

The second instance started this way does not come back after a reboot unless you add an init job for it. Also keep in mind that as long as the plain instance accepts the same accounts, a user's password still travels in clear text every time they use it; if the point of FTPS is protecting credentials, restrict the plain instance (for example to anonymous read-only access) rather than offering both to the same users.

 

— Sharad Sinha