May 22, 2012


Initial Server Setup with Ubuntu 12.04

Tagged In: Linux Basics, Ubuntu

What the Red Means

The lines that the user needs to enter or customize will be in red in this tutorial!

The rest should mostly be copy-and-pastable.

The Basics

When you first begin to access your fresh new server, there are a few early steps you should take to make it more secure. Some of the first tasks required on a virtual private server can include setting up a new user, providing them with the proper privileges, and configuring SSH.

Step One—Root Login

Once you know your IP address and root password, login as the main user, root.

It is not encouraged to use root on a VPS on a regular basis, and this tutorial will help you set up an alternative user to login with permanently.
ssh [email protected]

The terminal will show:
The authenticity of host ' (' can't be established.
ECDSA key fingerprint is 79:95:46:1a:ab:37:11:8e:86:54:36:38:bb:3c:fa:c0.
Are you sure you want to continue connecting (yes/no)?

Go ahead and type yes, and then enter your root password.

Step Two—Change Your Password

Currently your root password is the default one that was sent to you when you registered your droplet. The first thing to do is change it to one of your choice.

Step Three— Create a New User

After you have logged in and changed your password, you will not need to login again as root. In this step we will make a new user and give them all of the root capabilities.

You can choose any name for your user. Here I’ve suggested Demo
adduser demo

After you set the password, you do not need to enter any further information about the new user. You can leave all the lines blank if you wish

Step Four— Root Privileges

As of yet, only root has all of the administrative capabilities. We are going to give the new user the root privileges.

When you perform any root tasks with the new user, you will need to use the phrase “sudo” before the command. This is a helpful command for 2 reasons: 1) it prevents the user making any system-destroying mistakes 2) it stores all the commands run with sudo to the file ‘/var/log/secure' which can be reviewed later if needed.

Let’s go ahead and edit the sudo configuration. This can be done through the default editor, which in Ubuntu is called ‘nano’

Find the section called user privilege specification.

It will look like this:
# User privilege specification
root    ALL=(ALL:ALL) ALL

Under there, add the following line, granting all the permissions to your new user:
demo    ALL=(ALL:ALL) ALL

Type ‘cntrl x’ to exit the file.

Press Y to save; press enter, and the file will save in the proper place.

Step Five— Configure SSH (OPTIONAL)

Now it’s time to make the server more secure. These steps are optional. Please keep in mind that changing the port and restricting root login may make logging in more difficult in the future. If you misplace this information, it could be nearly impossible.

Open the configuration file
nano /etc/ssh/sshd_config

Find the following sections and change the information where applicable:
Port 25000
Protocol 2
PermitRootLogin no

We’ll take these one by one.

Port: Although port 22 is the default, you can change this to any number between 1025 and 65536. In this example, I am using port 25000. Make sure you make a note of the new port number. You will need it to log in in the future. This change will make it more difficult for unauthorized people to log in.

PermitRootLogin: change this from yes to no to stop future root login. You will now only be logging on as the new user.

Add these lines to the bottom of the document, replacing *demo* in the AllowUsers line with your username. (AllowUsers will limit login to only the users on that line. To avoid this, skip this line):
UseDNS no
AllowUsers demo

Save and Exit

Step Six— Reload and Done!

Reload SSH, and it will implement the new ports and settings.
reload ssh

To test the new settings (don’t logout of root yet), open a new terminal window and login as your new user.

Don’t forget to include the new port number.
ssh -p 25000 demo@

Your prompt should now say:
[demo@yourname ~]$

See More

As you start securing your droplet with SSH, you can continue to improve its security by installing programs, such as Fail2Ban or Deny Hosts, to prevent against brute force attacks on the server.

You can also find the tutorial to install the LAMP stack on the server here or the LEMP stack here.

By Etel Sverdlov

Share this Tutorial

Vote on Hacker News

Try this tutorial on an SSD cloud server.

Includes 512MB RAM, 20GB SSD Disk, and 1TB Transfer for $5/mo! Learn more

Create an account or login:


Write Tutorial
  • Gravatar Manuel Persico over 1 year

    After setting roots privileges to my user I still can't run sudo (not allowed)

  • Gravatar Fredrik Mundt over 1 year

    on ubuntu it isn't /usr/sbin/visudo it's /etc/sudoers

  • Gravatar Etel Sverdlov over 1 year

    The visudo command is the correct way to edit that file. As explained on the man page: "visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors."

  • Gravatar omarxp over 1 year

    thanks you, i'm newbie and first time to try vps, thanks you for your tutorial.

  • Gravatar Etel Sverdlov over 1 year

    Awesome! I'm glad to hear it! Please let me know if there any other topics you would like to see in our community =]

  • Gravatar Daniel Fernandez over 1 year

    Hello, After following the steps, I'm in the final step of checking if I can connect with the newly created user but I'm getting an error saying "connection refused".

  • Gravatar mart.van.ineveld over 1 year

    Great intro. You should also mention the steps to add swap storage, as explained else on your site:

  • Gravatar Daniel Fernandez over 1 year

    Disregard, previous message. Thanks

  • Gravatar maiconfz over 1 year

    Thanks, it worked fine!!

  • Gravatar pescadito over 1 year

    hi, after login as root and update visudo for a newuser, i logout root, login with newuser do visudo command again but visudo say: /etc/sudoers: Permission denied any idea what newuser doesn't have the root permision??

  • Gravatar pescadito over 1 year

    i test with ubuntu, if i do #groups newuser, i get newouser root sudo but it doesn't allow me visudo command

  • Gravatar Etel Sverdlov over 1 year

    This is because you are trying to run visudo as your regular user instead of as root. To access visudo without getting the "Permission denied" result, be sure to switch to the root user: "sudo bash" and then you can run visudo without issue.

  • Gravatar ashvin.gargave over 1 year

    Hello Everyone, I am a beginner, i want to know which type and version of ubuntu i need to install ruby 1.9.3. Server Ubuntu 12.04 LTS or Desktop Ubuntu 12.04 LTS Thanks in advance.

  • Gravatar Etel Sverdlov over 1 year

    You can install ruby on either one; you can find a tutorial here on how to install it on Server Ubuntu 12.04:

  • Gravatar Net Hosting Solutions over 1 year

    Followed to a tee and would not work. I'm on a windows machine using putty

  • Gravatar Moisey over 1 year

    Let us know which part is failing or what error messages you are seeing so we can help you troubleshoot.

  • Gravatar Net Hosting Solutions over 1 year

    Sorry, I'm just a dork LOL I forgot to change this in the last step to my username instead of demo!;-) UseDNS no AllowUsers demo <<<<< don't forget to change this to your new username - LOL

  • Gravatar Moisey over 1 year

    Awesome, glad that you got it working, we'll see if we can update the article to make that particular item a bit more clear for the future =]

  • Gravatar staessenmichiel over 1 year

    It's way more clever to hand out root permissions on a group level. usermod -g sudo -A as root to add your user to the sudo group Add the sudo group to the sudoers file if it is not already in there %sudo ALL=(ALL:ALL) ALL

  • Gravatar gamil.gabriel over 1 year

    Uber great tutorial 4 a person like me! I'm a software developer. Thanks!

  • Gravatar mikrostalja about 1 year

    For Centos I had to run: /etc/rc.d/init.d/sshd reload to load in the new configuration for ssh

  • Gravatar Thaw about 1 year

    Thank you for your great tutorial.

  • Gravatar saves23 about 1 year

    Here is a comprehensive tutorial using Ubuntu 12.04:

  • Gravatar skidnew about 1 year

    After setting roots privileges to my user I still can't run sudo, the message are: sudo : must be stuid root

  • Gravatar skidnew about 1 year

    After setting roots privileges to my user I still can't run sudo, the message are: sudo : must be stuid root what can i do????

  • Gravatar Moisey about 1 year

    Can you paste your output for /etc/sudoers so we can review that.

  • Gravatar John Lussmyer about 1 year

    Rather than editing the sudo config, i used the command usermod -g sudo That seems to have worked just fine. It looks like there is also a "admin" group in the sudo config, which I think would help in getting easy access to some of the log files. I can't seem to user usermod to add my user to that group though, it gets a "usermod: group 'admin' does not exist" error. Is this expected?

  • Gravatar suzanne.tamang about 1 year

    This is great! Up and running in no time at all. Thank you :)

  • Gravatar petter about 1 year

    I had to run 'sudo /etc/init.d/ssh restart' for the restart to work for some reason.

  • Gravatar Drew.lechowicz about 1 year

    worked great!

  • Gravatar Jason Kurtz about 1 year

    I'd like to propose a change to this, particularly involving "PermitRootLogin" in sshd_config. I think that, instead of no, it should be change to "without-password", so that users can still login with an SSH key.

  • Gravatar johnryanpowell about 1 year

    After doing this I am unable to modify any files over FTP with the user I created. Any ideas?

  • Gravatar gparent about 1 year

    Jason Kurtz: No, the tutorial shouldn't be changed. It's bad practice to login as root, no matter if it's with keys or not.

  • Gravatar neilh20 about 1 year

    Thankyou thankyou. Excellent tutorial. I'm not a linix hack, though I have set up two Ubuntu systems on converted PCs. So for my first droplet I selected the Application, Beta LAMP on ubuntu 12.04 and then followed this tutorial. Fantastic. The only issue was that I tried something slightly different with the "sshd_config" Port - which didn't work, and then modified it back to the recommended "Port 25000", but then "reload ssh" wouldn't run. After poking around - "cat /var/run/" seemed to show wasn't updated. Also, Ubuntu manual recommends a backup copy of sshd_config with >cp /etc/ssh/sshd_config /etc/ssh/sshd_config.factory-defaults >chmod a-w /etc/ssh/sshd_config.factory-defaults I accidently killed my sshd process, and then was locked out, however was quickly able to delete the droplet, recreate it with my new experience, do the updates, and then snapshot the droplet. Wow! Also the Apache server is working, I used BvSsh to login. However Putty seemed to fail, also MySql workbench wasn't connecting Onto the next tutorial!

  • Gravatar Max Polk about 1 year

    Since kernels you install to /boot aren't used, it's important to do "uname -a", find the kernel version DigitalOcean picks for you, such as "3.2.0-23-virtual", and install that and only that kernel specifically such as "linux-image-3.2.0-23-virtual" and eliminate all the other linux image choices you may have made. Never pick "linux-image-virtual" which gives you the latest. I accidentally did that, and after installing the latest kernel 3.2.0-38, iptables stopped working. There are problems making Ubuntu think you are on a more recent kernel then upon reboot you actually aren't. Things can stop working as I found out the hard way.

  • Gravatar daadamy about 1 year

    I was getting "user is not allowed to run sudo on localhost" until I added my new user to the sudo group via: sudo usermod -aG sudo

  • Gravatar daadamy about 1 year

    Correction: sudo usermod -aG sudo

  • Gravatar Alex Makin about 1 year

    Following from some of the earlier comments, usermod -a -G sudo will add an existing user to the sudo group.

  • Gravatar moonssc about 1 year

    Instead of reload ssh, use the following command: service ssh restart

  • Gravatar Neil about 1 year

    Is there a tutorial for doing this using a Puppet script so it can easily be wiped and setup all automatically again from scratch in a much smaller time?

  • Gravatar 12 months

    "apt-get install build-essential" should be added to the end of this article. This prevent errors when the package needs to use the "make/build" tools

  • Gravatar cory 11 months

    When I try to open the ssh file using the command: nano /etc/ssh/sshd_config it opens a new blank file. Don't know what I am doing wrong.

  • Gravatar cory 11 months

    Fixed it, thanks

  • Gravatar jtbowlin 11 months

    You should add sudo nano /etc/hosts add "YOURIP YOURHOSTNAME"

  • Gravatar paul 11 months

    Hi, I've created a video in case anyone is interested. Cheers!

  • Gravatar Sean.Kerner 10 months

    simple, brilliant and effective tutorial. Well done.

  • Gravatar Kamal Nasser 10 months

    @Sean: Awesome! Glad to hear that! :]

  • Gravatar flexcode 10 months

    From "Whatever port you chose, if you do move away from 22, make sure it is below 1024. Under most Unix-a-like setups in their default config, only root (or users in the root group) can listen on ports below 1024, but any user can listen on the higher ports. Running SSH on a higher port increases the chance of a rogue (or hacked) user managing to crash your SSH daemon and replace it with their own or a proxy." Does that apply to ubuntu?

  • Gravatar Kamal Nasser 10 months

    @flexcode it applies to all Unix-like systems including Linux (which means it does apply to Ubuntu).

  • Gravatar Eduard 10 months

    Is important to set a hostname? If I have a multisite host, which name I have to use? any name?

  • Gravatar Kamal Nasser 10 months

    @Eduard: You can use the main site's domain name as the droplet's hostname or

  • Gravatar geekerati 10 months

    This is so easy to follow!!! Thanks~

  • Gravatar L Jones 9 months

    re: @Eduard: "Is important to set a hostname? If I have a multisite host, which name I have to use? any name?" and @Kamal Nasser: "You can use the main site's domain name as the droplet's hostname or" I have this question also, and request a more precise answer. I "can" use various domain names, or my name, or whatever. But what "Is important"? Which name do I "have to use?" Or, (a) what is best practice, and (b) what is necessary for operation without error messages requiring (for example) editing hosts file or something else? Thank you.

  • Gravatar Kamal Nasser 9 months

    @jones: The best practice would be naming your droplet something like or any other, and editing /etc/hosts to look like this: localhost sv1 [..]

  • Gravatar alistair.k.macdonald 9 months

    lol I think @jones and @eduard are keen to know the rules on the hostname, for example do I need to maintain an A record for my hostname on my chosen domain's DNS?

  • Gravatar Kamal Nasser 9 months

    @alistair.k.macdonald It's optional if you have /etc/hosts properly configured. I recommend having an A record just so you don't run into problems later on.

  • Gravatar dushan888 9 months

    I have created an ubuntu server droplet. Now I want to install Ubuntu desktop to use it as a remote desktop. Can you please point me out a tutorial to follow ? Regards.

  • Gravatar her.damit 9 months

    Unfortunately I´m one of these "first try it out and then take a look in the manual"-people. I already installed two websites via ZPanel and a team speak server on my Ubuntu 12.04 droplet. I installed ZPanel as root user. Now I read this nice tutorial. If I create a new user with root privileges now, is there a way to "move" the ZPanel installation to this new user?

  • Gravatar Kamal Nasser 9 months

    @dushan888: You can follow this article:

  • Gravatar Kamal Nasser 9 months

    @her.damit: It's the same. You might want to copy the files from /root to /home/youruser, though.

  • Gravatar George Ioakimedes 9 months

    I've tried to change the port in sshd_config of my Ubuntu 12.10 x64 server but every time I do I am unable to ssh in using PuTTY on my Win7 x64 PC. I get a connection refused. Yes, I've restarted ssh (although reload ssh does not appear to work) and yes I have changed PuTTy's session to use the new port. Any ideas?

  • Gravatar Miguel 9 months

    I trully agree on this Tutorial! But changing port is trully in MY OPINION is confusing!! But a good thing to tell users how to use it! Because later Installing firewall such as CSF will only take actions on the Default Port 22! So for new users this will be negative! But honestly its an awesome Tutorial because I am a new users and I didnt know about the Port thing untill I had to Install CSF a few minutes ago! But a different port is also much more secure because the Attackers and BruteForcers will go for Port 22, ALWAYS! Thanks for an awesome tutorial!

  • Gravatar Kamal Nasser 9 months

    @George: What error does putty output? Try telnet-ing to your new ssh port, does that work? Do you have any firewalls set up?

  • Gravatar xeoroe 9 months

    Wow, this is awesome. I am glad my friend told me about it today just before I was going to setup another linux server at home ... this is perfect and the price is right.

  • Gravatar felix.johnson 9 months

    why don`t I get this to work? I never get to the Point where I have to type in yes. can someone help me out?

  • Gravatar felix.johnson 9 months

    can someone help me out?

  • Gravatar Kamal Nasser 9 months

    @felix.johnson: What step are you on?

  • Gravatar felix.johnson 9 months

    Hi kamal, it worked now. I just realize that when I change the port number, I don`t get permission. so I just let it be att the default.I have aone problem though which I am still trying to figure out. I want to put my site files in my vps so I can view it on the web. I just installed Winscp. But I just have to figure out where to put the files and how to configure the vps and then later install phpmyAdmin. So much I`m going to learn. Thanks for asking anyway. And by the way, how is Alex from phpacademy? Say me well to him.

  • Gravatar felix.johnson 9 months

    Now I am going to first set up a host name.

  • Gravatar felix.johnson 9 months

    hi guys, I want to add a domain. Where it says IP is it my vps ip or...?

  • Gravatar Kamal Nasser 9 months

    Yes, IP should be your droplet's IP address.

  • Gravatar delton 8 months

    Great tutorial!

  • Gravatar Greg Boggs 8 months

    sudo apt-get update && sudo apt-get upgrade

  • Gravatar Greg Boggs 8 months

    Actually I had to run this for some reason to get the kernel to update: sudo aptitude update && sudo aptitude safe-upgrade. More:

  • Gravatar John Rodriguez 8 months

    FYI for Debian users don't forget to install sudo. $ apt-get install sudo

  • Gravatar Paul Grieselhuber 8 months

    Great tutorial, however now I can't login with the user that I created using my key file. Here's what I've got in my .ssh/config (locally): Host mycustomname Hostname Port xxxxx User username IdentityFile "~/.ssh/mykeyfile" And on the droplet, I followed the instructions exactly. How do I regain the ability to use the key file? Used to work for root before making the changes from this article.

  • Gravatar Kamal Nasser 8 months

    @Paul: Is your ssh key stored as ~/.ssh/mykeyfile? It should be ~/.ssh/id_rsa by default so try that instead. if you still can't log in, you can reset your droplet's password if you do not have it using our control panel and log in to your droplet using the remote console.

  • Gravatar Paul Grieselhuber 8 months

    Hi Kamal, while 'mykeyfile' is not the actual name, it's not id_rsa either. I have a number of server which I connect to, and my impression was that id_rsa was some sort of default, but that if connect to multiple systems they should all go in different files. Is the information from all key files supposed to go in to id_rsa?

  • Gravatar Kamal Nasser 8 months

    @Paul: You can use separate keys for each server if you want. I personally have one passphrase-protected key that I use for all of my servers.

  • Gravatar mpx-er 7 months

    Simple and good tutorial for newbie users. Great!

  • Gravatar Matt Radford 7 months

    @Paul Each user has their own authorized_keys file. So copy the public key you're using for root to ~/.ssh/username. You should then be able to log in without a password.

  • Gravatar Matt Radford 7 months

    Whoops, I meant ~/.ssh/authorized_keys, where ~ is the home directory for username

  • Gravatar 7 months

    I have a problem with locale: Cannot set LC_ALL to default locale: No such file or directory Ubuntu 12.04 and not more, just a new user with my username.

  • Gravatar 7 months

    And the same situation without new user, just with root: root@***:~# locale LC_ALL locale: Cannot set LC_ALL to default locale: No such file or directory locale: unknown name "LC_ALL"

  • Gravatar Kamal Nasser 7 months Try running

    sudo locale-gen
    Does that fix it?

  • Gravatar 7 months

    No, it does not help. I think, that i have this problem because i use russian language on my laptop (Ubuntu).

  • Gravatar Kamal Nasser 7 months

    Why are you running

    locale LC_ALL

  • Gravatar 7 months

    I get an error "Cannot set LC_ALL to default locale: No such file or directory" when installing anything. I enter "locale LC_ALL" to see the value of a individual locale LC_ALL

  • Gravatar Kamal Nasser 7 months Run

    sudo dpkg-reconfigure locales
    and install en-US.utf8 and ru_RU.utf8 and then run
    sudo locale-gen
    . Does that fix it?

  • Gravatar 7 months

    No :) But i think that the error isn`t so important ant it can be ignored.

  • Gravatar Kamal Nasser 7 months Try adding

    to /etc/environment and see if that fixes it (make sure you log out and log back in):
    echo LC_ALL='en-US.utf8' | sudo tee -a /etc/environment

  • Gravatar sky 7 months

    much appreciated! I know nothing of *nix shell, (though Widnows..not too bad ;) ) so really great to have a clear to follow way to learn!

  • Gravatar Asterix 7 months

    I followed this tutorial, disallowed root user etc and all worked fine right away. I also followed and I could successfully upload phpinfo.php to /usr/share/nginx/www with filezilla and my new user and it worked. I then installed imagemagick, curl, zip; opened a port in UFW. When I now try to transfer a php file with Filezilla to /usr/share/nginx/www I get: Status: Listing directory /usr/share/nginx/www Command: put "C:\Users\ddddddd\Documents\www\Digital\checkme.php" "checkme.php" Error: /usr/share/nginx/www/checkme.php: open for write: permission denied Error: File transfer failed And when I look at permissions it says that the www folder is owned by root. Is that normal? Shouldn't all folders be owned by the new user I created above? So when I create the new user above, shouldn't I also change ownership of all folders to the new user as root practically don't exists anymore? And how do I change ownership of www now?

  • Gravatar Kamal Nasser 7 months

    shouldn't I also change ownership of all folders to the new user as root practically don't exists anymore? No, root still exists. I recommend setting nginx to serve files from /home/youruser/public_html (

    root /home/youruser/public_html
    in /etc/nginx/sites-enabled/*)and uploading files there rather than messing with permissions and possibly breaking stuff.

  • Gravatar Asterix 7 months

    I changed to root /home/myruser/public_html as above and transferred info.php, 50x.html, index.html to /home/youruser/public_html with Filezilla and my new user. And I also changed back permissions with sudo chown root:root /usr/share/nginx/www as I had changed that to my new user before. But I now get Error 502 - Bad Request (which I've actually had since I made a snapshot yesterday).

  • Gravatar Asterix 7 months

    sudo /etc/init.d/nginx restart made it all work fine though!

  • Gravatar maonato 7 months

    There are 5 servers at home and i want to change or update the ssh keys and remove the old keys for each of the server. May you please teach me a script that will automates this task?

  • Gravatar billing 6 months

    I created a new user as instructed above. But I cannot login with new user OR as root. What am I missing?

  • Gravatar Kamal Nasser 6 months

    @billing: Is this on a fresh new droplet? Did you edit any other OpenSSH configuration settings?

  • Gravatar 6 months

    @webform - Your comment(s) worked like a charm and my user can now login via ssh. Going to combine your comments if someone else needs this in the future. Each user has their own authorized_keys file. So copy the public key you're using for root to ~/.ssh/authorized_keys to the directory of that username. You should then be able to log in without a password.

  • Gravatar peteraarhus 6 months

    I am on a Debian droplet. I created a user but when I ssh into it it only shows me $ with no username is that OK? Also (sorry for stepping a little out here) I am trying to make virtualenvwrapper work with my new user. When I try to install it says that it is installed. the command: which gives me a nice result but when I try and use it with source it tells me I can't? Please help :)

  • Gravatar infinitesaint 6 months

    For these who wants to add multiple users to their droplet, but also wants to secure SSH... Multiple users are separated by spaces in the AllowUsers field in the sshd_config, provided that you've already added however many users you desire to your droplet's sudoers file via visudo. Example: AllowUsers demo demo1 demo2 I messed this up by assuming that users were separated by commas, only to discover that I couldn't log in as root, or the two users that I added! Luckily console access rescued me!

  • Gravatar Kamal Nasser 6 months

    @peteraarhus: I created a user but when I ssh into it it only shows me $ with no username is that OK? Yes. You can also run whoami to find out which user you're logged in as. When I try to install it says that it is installed. the command: which gives me a nice result but when I try and use it with source it tells me I can't? Please help :) Please create a community question. Thanks!

  • Gravatar Pablo of 6 months

    SUGGESTION: Two additions should be made to this guide: 1.) @flexcode's observation from June 27, 2013; and 2.) In the spirit of 'equal opportunity' a link to the LEMP stack tutorial should be paired up with the link for the LAMP stack, at the end of this article.

  • Gravatar elprquex 6 months

    For visual thinkers

  • Gravatar Gary Helder 6 months

    I followed all of these instructions and then continued and followed these two tutorials: Everything went great, I'm up and running with WordPress. However, I've run into my first issue, I'm unable to place files on the server. I'm connecting over SFTP with a client (Yummy FTP). I've made a successful connection and I'm able to browse the file structure, but I'm unable to place any files on the server. Every time I make an attempt (I've tried multiple file types and put locations) I get the following error: Couldn't create directory : SSH2_FX_PERMISSION_DENIED - Permission denied Screenshot - I've tried searching for the error, but it doesn't seem like others are having this issue. Anyone have any ideas what I need to do? I'm assuming it's a minor error on my part, but I don't know where to begin to look. Thanks everyone.

  • Gravatar Pablo of 6 months

    @Gary, you're having permissions problems. Make sure that your WordPress directory is owned by www-data and is a member of the www-data group; by executing in a terminal or shell: sudo chown -R www-data:www-data /path/to/WordPress_directory

  • Gravatar Gary Helder 6 months

    Thanks @Pablo, you were correct, I did have the /var/www directory (where all of WP is stored) set to be root:root. I've ran your suggested command and confirmed that the /var/www directory is now owned by www-data:www-data. However, I'm still getting the same issue. Should the /var directory also be owned by www-data:www-data? I'm happy to share whatever additional details I can to help sort this out.

  • Gravatar Gary Helder 6 months

    Perhaps related to this, I've imported content using the WordPress import/exporter and all is well with that, except thumbnail images. It seems WP is unable to create thumbnails. I've added the php GD extension, but I'm still getting the issue.

  • Gravatar Pablo of 6 months

    @Gary, Is the user that you're trying to log into your server with a member of the www-data group? If not, execute sudo usermod -a -G www-data user_name. The thumbnails can be remedied easily w/the Regenerate Thumbnails plugin.

  • Gravatar Kamal Nasser 6 months

    Thanks Pablo, I've added a link to the LEMP article. :]

  • Gravatar Gary Helder 6 months

    @Pablo Thanks, that resolves my issue. I'm now able to put items on the server. However, I'm still having the thumbnail issue. I already tried the regenerate thumbnails plugin and the force regenerate thumbnails plugin with no luck. Even when I upload a new image it's not creating any of the thumbnail sizes I've set.

  • Gravatar a.single.drop 6 months

    I've followed these instructions a couple times now as I wanted to reinstall my servers to run nginx instead of apache. But this time it's simply just not working. I changed the visudo file as described above, changed the port, and allowed users. I basically get to the point where I'm able to login as my new username, but none of the root privileges are in place. I can't change the port without everything breaking (i.e. not being able to login as my new user or as root). What am I missing here?

  • Gravatar a.single.drop 6 months

    Trying again, it seems I can get the port working, but not the user permissions. How do I check user permissions and how do I fix this?

  • Gravatar Kamal Nasser 6 months

    @a.single.drop: What do you mean by user permissions? Are you trying to run a command but getting a 'permission denied' error?

  • Gravatar Pablo of 6 months

    @Gary, are the images owned by www-data and in the www-data group?

  • Gravatar a.single.drop 6 months

    @kamal Yes, exactly. I'm trying to set things up by rewriting visudo so that the user I've created is able to have root privileges, but nothing I am doing seems to make it happen. I don't even know how to check where I went wrong (i.e. what user permissions I have set currently).

  • Gravatar a.single.drop 5 months

    I think I figured it out. Needed to use "sudo bash" under my new user to be able to access visudo under the new user. Any other way for me to check what my user permissions were though? Thanks!

  • Gravatar chungwu11 5 months

    Kamal, trying this on mac terminal, get connection refused message when trying with new modified port. However, no problem logging in with new user, minus the -p new port, is this ok? what port is it actually using then, the default 22? how do I check? thanks!

  • Gravatar Kamal Nasser 5 months

    @chungwu11: Being able to connect to SSH on port 22 means that the SSH daemon is listening on port 22. Try restarting sshd:

    sudo service ssh restart

  • Gravatar b.kowshick 5 months

    I need some guidance for the problem I am facing.. I followed this and created a new user and give it the access permission. After reloading the ssh I closed the terminal window. Now when I am trying to access my server from putty it says 'Connection refused'.. what problem am I facing here

  • Gravatar Kamal Nasser 5 months

    @b.kowshick: What's the output of

    sudo netstat -plutn
    on your droplet?

  • Gravatar archana1986 5 months

    I'm facing a similar problem. After creating a new user and modifying the sshd_config file to allow the new user, I'm able to connect with the default user but not able to connect with the new user using putty When i try to connect with the new user - It says server refused our key - No supported authentication method available(server sent: public key)

  • Gravatar hopefloatt 5 months

    Hi, I am having some problems with Step Five— Configure SSH (OPTIONAL). I believe I have done the above steps correctly. At the last part of the guide, where it states 'To test the new settings (don’t logout of root yet), open a new terminal window and login as your new user.' I followed this and tried to login with my new username demo but i could not login as I am not sure what should be the password? Was i suppose to set the password for the demo username because i don't remember setting any password for demo. I only changed password for the root. So how do I know what is my demo's password? thanks in advance!

  • Gravatar archana1986 5 months

    Please ignore my query. Able to connect now

  • Gravatar hopefloatt 5 months

    Same here, please ignore my query :) thanks!

  • Gravatar hopefloatt 5 months

    Thanks Kamal!! it finally worked :D :D :D :D

  • Gravatar ginajaland 4 months

    Please I was following this article and I setup a user and then was doing somethong of ssh and shut out my ROOT user to access my server and my other user can't change or write the files, how can I reset it or give permissions to my new username? I can log in with the new user, but can't with the root user and password, it says access denied

  • Gravatar Kamal Nasser 4 months

    @ginajaland: You can log in as root using the Remote Console. Once you're in, re-enable root ssh access and then ssh in as root and grant your user sudo access.

  • Gravatar Emanuel 4 months

    i didn't find PermitRootLogin on the sshd_config file. should i add this myself?

  • Gravatar Emanuel 4 months

    found ..pls ignore previous comment!

  • Gravatar Jason 3 months

    I installed the image LAMP on Ubuntu 12.04 and followed these instructions -- including the optional bit. Now when I try to get into MySQL (which I'm assuming was installed via the image?) I cannot. I tried mysql -u root -p, mysql -u NEWUSER -p and neither is working. What is the correct way to access MySQL now that I've disallowed the root user and have a custom user with root access?

  • Gravatar alexander 3 months

    what is the diff btw lamp and lemp? also, how do i verify my ubuntu type: server or desktp. also who do i see how much db space i have and used up. thank you. please reply: [email protected]

  • Gravatar Kamal Nasser 3 months

    @jb5531: MySQL users are not related to system users. Check out

  • Gravatar Kamal Nasser 3 months


    what is the diff btw lamp and lemp?
    LEMP uses nginx as the webserver while LAMP uses Apache.
    also, how do i verify my ubuntu type: server or desktp.
    It depends on the image you chose when you created the droplet.
    also who do i see how much db space i have and used up.
    Run df -h.

  • Gravatar lulukw 3 months

    @Kamal Can we create a server with Ubuntu 10.04 64-bit. Because I need it to install the BBB which requires 64-bit Ubuntu 10.04.

  • Gravatar Kamal Nasser 3 months

    @lulukw: Unfortunately Ubuntu 10.04 is no longer supported and thus is prone to security vulnerabilities so we do not have it available.

  • Gravatar dlvicens 3 months

    Following these instructions in Ubuntu 13.10 does not work. Is there anything in Ubuntu 13.10 that I should do different?

  • Gravatar dlvicens 3 months

    Nevermind, I just confirmed that the port # I'm using is blocked here at work. It works fine at home. Please ignore my previous post. Thanks! :D

  • Gravatar Peter 3 months

    unable to overwrite files under /var/www via filezilla already applied: sudo usermod -a -G www-data user_name open for write: permission denied Error: File transfer failed filezilla shows /var/www = www-data www-data Can anyone help sort this out?

  • Gravatar Kamal Nasser 3 months

    @Peter: Try running

    sudo chmod g+w /var/www
    , does that fix it?

  • Gravatar 3 months

    Muy bueno!!! Muchas Gracias.

  • Gravatar 3 months

    I setup my new user with ALL=(ALL:ALL) ALL in sshd config, changed the port. I turned off the root login -> PermitRootLogin no Tested the new user and it logged in fine, but apparently it doesn't have root privileges.. I already closed the terminal with root logged in, so I guess I'm screwed. visudo: /etc/sudoers: Permission denied USER is not in the sudoers file. This incident will be reported. etc etc

  • Gravatar Tyler Wengerd 3 months

    I had to add an iptables entry after changing the config file to allow a custom port. This was on a barely modified Ghost 0.4.0 on Ubuntu 12.04 image. My command was iptables -I INPUT 4 -p tcp --dport (custom port #) -j ACCEPT. Just a note in case anyone has the same issue.

  • Gravatar Clemens Stolle 3 months

    Hey, I made this article into a simple shell script. just run ./ $your_new_user $optional_new_ssh_port and you get it all in one swoop plus a simple firewall. it assumes that you set up your droplet with your ssh key.

  • Gravatar david_h_mercer 3 months

    Awesome tutorial... worked perfectly!!

  • Gravatar Justin King 3 months

    Not sure why it wasn't mentioned, with Ubuntu usually I just run sudo adduser sudo Instead of editing the files.

  • Gravatar personal.raj7 2 months

    I cant find var/www in my root nor in new user I created! I am trying to login through filezilla and there it shows few folders starting with "." like .cache and few files? Where is var/www directory? How can I sccess it? In my website it still says, "It works! This is the default web page for this server. The web server software is running but no content has been added, yet."

  • Gravatar will-v-king 2 months

    personal.raj7 just create a /var/www directory. mkidr /var/www

  • Gravatar will-v-king 2 months

    sorry it's: sudo mkdir /var/www

  • Gravatar johinvest 2 months

    Hi, I keep getting an error message: 'text file busy'. What do I do? Cheers

  • Gravatar Kamal Nasser 2 months

    @johinvest: Where do you see that error?

  • Gravatar eskimo about 1 month

    Its weird. I followed the exact steps here and when i log into my new "demo" user, it seems he is not in the sudoers file. So each time i "sudo" it throws: "demo" is not in the sudoers file. This incident will be reported. Why is that?

  • Gravatar eskimo about 1 month

    I can't even seem to be able to log in with my other user. For the moment, looks like i'm stuck with my "demo" user which isnt even able to sudo. I need assistance, please.

  • Gravatar eskimo about 1 month

    OK. Fixed. I booted in recovery mode and logged as root, made the changes necessary and voila. Actually, i follow the tutorial here: Thanks anyway

  • Gravatar 1024gbofram about 1 month

    Hello, Thanks for the tutorials . can you please update the tutorial explaining the User Privilege specification ? what this means .? demo ALL=(ALL:ALL) ALL please explain which ALL is used for what purpose.. -Thanks

  • Gravatar 1024gbofram about 1 month

    @personal.raj7 if you login using sftp to the server , you will be landed on the /root/ folder . for accessing /var/www/ folder , go to back folder ( by clicking .. at first ) , or by typing /var/www/ in the Remote Site: text field.

  • Gravatar Kamal Nasser about 1 month

    @1024gbofram: See

  • Gravatar me about 1 month

    Thanks for the tutorial! I have a couple of questions: 1) I have followed this step-by-step, ensuring I am on the correct version of Ubuntu but I am still able to login as root? 2) Also, in order to login with the specific port for my specific user, 'me', I have to first login as root. Surely this isn't right as it defeats the purpose of disabling root as I followed in step 5. Step 6 didn't work, I have to use the 'service ssh restart' command instead (assuming this does the same thing..I found it in the comments) Thanks!

  • Gravatar Kamal Nasser about 1 month

    @me: What's the output of

    sudo nestat -plutn
    in order to login with the specific port for my specific user, 'me', I have to first login as root.
    What do you mean? Can you post the commands you're using to ssh in?

  • Gravatar me about 1 month

    Hi Kamal, thanks for looking into my query. The output of the command is: When trying to login I am using (please forgive me, I don't know the code to use when typing up code on here...) : ssh -p 31415 [email protected] I am then prompted for my password, which returns 'Login incorrect'. That doesn't work so I then login as 'root', I can then use the same command as above and I can login just fine then. Each line of the CLI is preceded by me@andrew:~$

  • Gravatar boomerang.carlos about 1 month

    Hi. In step one: ssh [email protected] or ssh root@IP my droplet ?

  • Gravatar me about 1 month

    Use your own IP, boomerang.carlos :)

  • Gravatar Kamal Nasser about 1 month

    @me: Have you disabled password login? Make sure you set up your SSH keys correctly so you can still SSH in. See

  • Gravatar james mcfarland about 1 month

    These steps worked perfectly for me from a Mac on 2014-03-15. Thanks.

  • Gravatar i.batozskiy 20 days

    I can't upload any file, I've tried several times. I did every word in this instruction, but I still get error "553 Could not create file". That's all.

  • Gravatar darrenwoodiwiss 11 days

    Just incase someone else finds this helpful: When using ssh with my newly created user, I was always being prompted for my password as well. This was confirmed by using ssh -v user@dropletip (-v is verbose mode, it just logs out fully what the ssh services is doing.) $ > Authentications that can continue: publickey,password $ > Next authentication method: password $ > please enter password... To get around this I used: $ > ssh-copy-id -i -p user@dropletid That then allowed me to login to my droplet without typing a password each time.

  • Gravatar Andrew SB 11 days

    @darrenwoodiwiss In the future, you can add your ssh key through DigitalOcean's web interface before creating your droplet. That way you won't need to copy your public key over manually. The interface is here: Start at step three of this article for a walk through:

  • Gravatar winner.bill 6 days

    Hi there I'm having a bit of trouble, hope someone can help. I followed steps 1-4 in the tutorial. However, when logged in as the new user (sjuser in my case) I seem to be lacking at least some root privileges. For example: - I'm not able to edit config files (e.g. php.ini, apache2.conf) as sjuser but I can as root. - I can't SFTP files over to the droplet when connecting as sjuser, but I can as root (using filezilla). - The visudo command doesn't work as sjuser, but it does as root. When logged in as root, and using vidsudo to view /etc/sudoers the line which should confer root privileges on sjuser is there: root ALL=(ALL:ALL) ALL sjuser ALL=(ALL:ALL) ALL What am I missing? Thanks Bill

Leave a Comment

Create an account or login: