how securing linux with multi-user ?

January 15, 2016 1.1k views
Security Getting Started Debian

Ok so first, I speak avery basical Anglais and i'm a newby on linux ;)
Ok, in a lot of tutorial a view pepole creating user for "security" but I don't know how to do this. Like for make teamspeak3 server whe create a ts3 user and start server in but how do this securly (whit permission).

Sorry if my question is not a loot bright but thanks you for have read this ;)

3 Answers

To make a user within your Linux server, you would user the command useradd. So, if you wished to make a user called ts3, you could achieve this by running the following command (as the root user):

useradd ts3

You can read more on using the Linux useradd command via this article, which would also cover granting a user sudo (root level) privileges.

In regards to securing your server's users, I would recommend utilizing SSH keys. You can read more on SSH keys via this article.

Hope it helps,
Jason Colyer
DigitalOcean Platform Support Lead

by Etel Sverdlov
This guide is for Mac OS X and Linux users. Learn how to use SSH Keys with DigitalOcean Droplets.

Thanks you jcolyer for your responce,
but I know how create user haha :)
I don't know how to securise it for running like ts3 server deamon ;)

(like in this tutorial (http://brioteam.com/how-install-teamspeak-3-server-linux))
I would know how to make user security for running my deamon out of root user so if ts3 (ex) have backdoor the hacker cant not steal my server or install other think.
Thanks you :3

  • Hi @MyCMD ,

    Then you've basically already secured it. All you really need to do with any application is to run it as an unprivileged user. If the software (ts3 in this case) is malicious or something is done via the application, it only has the same permissions the ts3 user has.

Ok thanks you @davidwashere !

Ok soo if i make this its normaly secure ?

useradd ts3
su ts3
(install server)

But in a tutorial i have view something like this:

mkdir /home/ts3
chown -R ts3: /home/ts3

For wath this second command is more securely ?

  • @MyCMD -- These are basically the same thing. For some systems, running the useradd <user> will create the home directory, default shell, and so forth. Some systems will not do this by default (depends on config).

    The first codeblock you've provided creates the user and switches to that user. The second codeblock you've provided creates that users home directory (default location) and then changes the ownership of that directory to that user. You can skip 90% of this with a command like:

    # useradd -s /bin/bash -m -d /home/ts3 ts3user

    The above will:

    • Create the user "ts3user"
    • Create home directory of "/home/ts3" (owned by user:group - ts3user:ts3user)
    • Set default shell to "/bin/bash"

    You can also specify a password but then that's in your .bash_history in plain text. It would be better to just set the password for the user using "passwd" while the root user or just "sudo passwd ts3user" to set the initial password.

    • @davidwashere thank you a lot :) ok so now if i make you command and I start my server in hacker canot hack my server its realy cool thanks you :)

      • Just to make clear, this command doesn't mean an hacker can NOT hack your server. There are alot of ways your server could be compromised and alot of ways to secure it.
        If you would like to secure your server more you would need to get some more knowledge about this and gather information about;

        • 2 step verification
        • SSH keys
        • Rootkit, backdoor, exploit scanners (RkHunter)
        • Permissions system (like the permission example above)
        • Brute-Force attacks, exploit finders, and all kind of other malicious scanners (fail2ban)
        • And a proper setup firewall ofcourse
      • @MyCMD -- What @CrypticDesigns stated is absolutely true although this is one of the first steps (and very basic, at that) in protecting your server.

Have another answer? Share your knowledge.