How to manage additional users

Contents

1. Adding another user
2. Making a user an administrator
3. Removing an existing user
4. Updating your server

How to manage additional users

It's not uncommon to give access to a server to more than one user. Most of us don't work alone. You might need someone else to connect to your server. In those situations, you need more than the default root user. This guide will help you manage these new users.

You'll learn what to do to create a new user. It'll teach you what you need to do to make them an administrator. You'll also see how to remove a user that you created.

This guide assumes that you're familiar with how to customize your server. If you don't know how or aren't sure, take a moment to go over this guide first.

Adding another user

Let's say you want to add another new user with the login wordpress. DebOps will need to know some information about the user you want to create. To make things easier, we're going create a variable to store the details about your user. We'll name it users_wordpress.

# inventory/host_vars/wordpress.example.com/vars.yml

users__wordpress:
  - name: 'wordpress'
    groups: [ 'sshusers' ]
    sshkeys: [ 'ssh-rsa AAAAB3NzaClyc2EAAAADAQABAAABAQCnwQeRLX0+MvcGUzbigcSKu7EQ0vIkieK/MMpG4WeknaKIPNPCp0/2LdopcK01PdxbBSFDIM6Ju6F+5213554pAkjydKellypyjPLQeMalyNZBOY2ZjTGdz6vRzgumw13Q+NH9HcQKzlhlalICV0+,CVVNGxV/NADLOyEkWzhIFTx+7XfQYBhUMvpGHTEIRjbM9rEINOOpflIZTqOPwriMaoBwi83a83yuCC8IwugN6YQx0qqeYoohoMbpvSvyaul3LlyjURsfTZVkasgslibuYr80Wr8kx5UQWHuzg3Eti4fqQ0Mja2RxBuxQ/XblhIQEV1,9DWOYgiTT161V wordpress@example.com' ]

users__host_accounts: [ '{{ users_wordpress }}' ]

This is the minimum amount of information needed to create your user.

You need a name for your user. You also need to put the user in the sshusers group. This allows the user to connect to the server via SSH. You'll also need to have the public SSH key that the user wants to use to connect to the server.

user_host_list is the comma-separated list of users for your server. Just add any user variable that you create to it. This is what tells DebOps to create the users.

Making a user an administrator

To make a user an administrator, you just need to change the groups the user belongs to. The sshusers group used in the previous section doesn't come with any administrator privileges. Below is the modified users_wordpress variable with the appropriate groups.

# inventory/host_vars/wordpress.example.com/vars.yml

users__wordpress:
  - name: 'wordpress'
    groups: [ "admins", "staff", "adm" ]
    sshkeys: [ 'ssh-rsa AAAAB3NzaClyc2EAAAADAQABAAABAQCnwQeRLX0+MvcGUzbigcSKu7EQ0vIkieK/MMpG4WeknaKIPNPCp0/2LdopcK01PdxbBSFDIM6Ju6F+5213554pAkjydKellypyjPLQeMalyNZBOY2ZjTGdz6vRzgumw13Q+NH9HcQKzlhlalICV0+,CVVNGxV/NADLOyEkWzhIFTx+7XfQYBhUMvpGHTEIRjbM9rEINOOpflIZTqOPwriMaoBwi83a83yuCC8IwugN6YQx0qqeYoohoMbpvSvyaul3LlyjURsfTZVkasgslibuYr80Wr8kx5UQWHuzg3Eti4fqQ0Mja2RxBuxQ/XblhIQEV1,9DWOYgiTT161V wordpress@example.com' ]

users__host_accounts: [ '{{ users__wordpress }}' ]

The only value that changed is groups. It's now configured with the default groups for an administrator accounts. That's the only change that you need to do!

Removing an existing user

The last thing you might want to do is remove an existing user. It's not enough to remove users_wordpress from users_host_list. You need to tell DebOps to remove that user from your server.

# inventory/host_vars/wordpress.example.com/vars.yml

users__wordpress:
  - name: 'wordpress'
    state: 'absent'

users__host_accounts: [ '{{ users__wordpress }}' ]

state: 'absent' is what tells DebOps to remove the wordpress user. The rest of the details are gone, but that's not necessary. You can keep them if you wanted to reactivate the user in the future. You just need to remove the state: 'absent'.

Updating your server

You don't need to create a new server to manage additional users. DebOps can update an existing server with the new users you defined in users_host_list. You just need to run the common DebOps playbook.

$ debops