Related

Postfix not receiving mail and not finding any error messages. Question Question
Process id dismiss when ssh connect again Question Question

Question

how securing linux with multi-user ?

Posted January 15, 2016 4.9k views
Getting StartedSecurityDebian

Ok so first, I speak avery basical Anglais and i’m a newby on linux ;)
Ok, in a lot of tutorial a view pepole creating user for “security” but I don’t know how to do this. Like for make teamspeak3 server whe create a ts3 user and start server in but how do this securly (whit permission).

Sorry if my question is not a loot bright but thanks you for have read this ;)

Add a comment
By:
MyCMD
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
3 answers
jcolyer January 15, 2016

To make a user within your Linux server, you would user the command useradd. So, if you wished to make a user called ts3, you could achieve this by running the following command (as the root user):

useradd ts3

You can read more on using the Linux useradd command via this article, which would also cover granting a user sudo (root level) privileges.

In regards to securing your server’s users, I would recommend utilizing SSH keys. You can read more on SSH keys via this article.

Hope it helps,
Jason Colyer
DigitalOcean Platform Support Lead

How To Add and Delete Users on an Ubuntu 14.04 VPS
by Justin Ellingwood
Learning how to manage users effectively is an essential skill for any Linux system administrator. In this guide, we will discuss how to add and delete users and assign sudo privileges on an Ubuntu 14.04 server.
Reply Report
MyCMD January 15, 2016

Thanks you jcolyer for your responce,
but I know how create user haha :)
I don’t know how to securise it for running like ts3 server deamon ;)

(like in this tutorial (http://brioteam.com/how-install-teamspeak-3-server-linux))
I would know how to make user security for running my deamon out of root user so if ts3 (ex) have backdoor the hacker cant not steal my server or install other think.
Thanks you :3

Reply Report
  • davidwashere January 15, 2016

    Hi @MyCMD ,

    Then you’ve basically already secured it. All you really need to do with any application is to run it as an unprivileged user. If the software (ts3 in this case) is malicious or something is done via the application, it only has the same permissions the ts3 user has.

    Reply Report
MyCMD January 16, 2016

Ok thanks you @davidwashere !

Ok soo if i make this its normaly secure ?

useradd ts3
su ts3
(install server)

But in a tutorial i have view something like this: 

mkdir /home/ts3
chown -R ts3: /home/ts3

For wath this second command is more securely ?

Reply Report
  • davidwashere January 16, 2016

    @MyCMD – These are basically the same thing. For some systems, running the useradd <user> will create the home directory, default shell, and so forth. Some systems will not do this by default (depends on config).

    The first codeblock you’ve provided creates the user and switches to that user. The second codeblock you’ve provided creates that users home directory (default location) and then changes the ownership of that directory to that user. You can skip 90% of this with a command like:

    # useradd -s /bin/bash -m -d /home/ts3 ts3user

    The above will:

    • Create the user “ts3user”
    • Create home directory of “/home/ts3” (owned by user:group - ts3user:ts3user)
    • Set default shell to “/bin/bash”

    You can also specify a password but then that’s in your .bash_history in plain text. It would be better to just set the password for the user using “passwd” while the root user or just “sudo passwd ts3user” to set the initial password.

    Reply Report
    • MyCMD January 16, 2016

      @davidwashere thank you a lot :) ok so now if i make you command and I start my server in hacker canot hack my server its realy cool thanks you :)

      Reply Report
      • ForYourIT January 16, 2016

        Just to make clear, this command doesn’t mean an hacker can NOT hack your server. There are alot of ways your server could be compromised and alot of ways to secure it.
        If you would like to secure your server more you would need to get some more knowledge about this and gather information about;

        • 2 step verification
        • SSH keys
        • Rootkit, backdoor, exploit scanners (RkHunter)
        • Permissions system (like the permission example above)
        • Brute-Force attacks, exploit finders, and all kind of other malicious scanners (fail2ban)
        • And a proper setup firewall ofcourse
        Reply Report
      • davidwashere January 16, 2016

        @MyCMD – What @CrypticDesigns stated is absolutely true although this is one of the first steps (and very basic, at that) in protecting your server.

        Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help