(처음서버설정)사용자 계정 관련 작업

root 사용자를 먼저 변경해야 한다.

root@mylearn-239626:~# passwd
New password:
Retype new password:
passwd: password updated successfully
root@mylearn-239626:~#

 

새로운 사용자 추가하기

Creating home directory `/home/stzuser' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for stzuser
Enter the new value, or press ENTER for the default
        Full Name []:
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n] Y
root@mylearn-239626:~#

 

사용자 제거하기 (홈디렉토리 포함)

root@mylearn-239626:~# ls /home
stzuser  ubuntu
root@mylearn-239626:~#

root@mylearn-239626:~# deluser ubuntu --remove-home
Looking for files to backup/remove ...
Removing files ...
Removing user `ubuntu' ...
Warning: group `ubuntu' has no more members.
Done.
root@mylearn-239626:~# ls /home
stzuser
root@mylearn-239626:~#

 

추가한 사용자 비밀번호 변경

root@mylearn-239626:~# passwd stzuser
New password:
Retype new password:
passwd: password updated successfully
root@mylearn-239626:~#

 

기본 편집도구 변경

root@mylearn-239626:~# update-alternatives --config editor
There are 4 choices for the alternative editor (providing /usr/bin/editor).

  Selection    Path                Priority   Status
------------------------------------------------------------
* 0            /bin/nano            40        auto mode
  1            /bin/ed             -100       manual mode
  2            /bin/nano            40        manual mode
  3            /usr/bin/vim.basic   30        manual mode
  4            /usr/bin/vim.tiny    15        manual mode

Press <enter> to keep the current choice[*], or type selection number:
root@mylearn-239626:~#

 

Non-Root User에게 Root 권한의 명령어를 실행할 수 있도록 하기

root@mylearn-239626:~# visudo

# User privilege specification
root    ALL=(ALL:ALL) ALL
stzuser ALL=(ALL:ALL) ALL

 

첫번째 ALL : 모든 호스트

두번째 ALL : 모든 User로 명령어 실행이 가능

세번째 ALL : can run commands as all groups

네번째 ALL : 모든 명령어를 실행할 수 있다.

 

root 사용자가 서버에 로그인하는 것을 금지하자.

root@mylearn-239626:~# cd /etc/ssh
root@mylearn-239626:/etc/ssh# ls
moduli            ssh_host_dsa_key.pub    ssh_host_ed25519_key.pub  sshd_config
ssh_config        ssh_host_ecdsa_key      ssh_host_rsa_key          sshd_config.d
ssh_config.d      ssh_host_ecdsa_key.pub  ssh_host_rsa_key.pub
ssh_host_dsa_key  ssh_host_ed25519_key    ssh_import_id
root@mylearn-239626:/etc/ssh# cp sshd_config sshd_config.bak
root@mylearn-239626:/etc/ssh# nano sshd_config

수정사항

#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

root@mylearn-239626:/etc/ssh# systemctl restart sshd
root@mylearn-239626:/etc/ssh# systemctl status sshd
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2024-02-28 16:32:36 KST; 5s ago
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 1606 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 1608 (sshd)
      Tasks: 1 (limit: 1101)
     Memory: 1.7M
        CPU: 119ms
     CGroup: /system.slice/ssh.service
             └─1608 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

Feb 28 16:32:36 mylearn-239626 systemd[1]: Starting OpenBSD Secure Shell server...
Feb 28 16:32:36 mylearn-239626 sshd[1608]: Server listening on 0.0.0.0 port 22.
Feb 28 16:32:36 mylearn-239626 sshd[1608]: Server listening on :: port 22.
Feb 28 16:32:36 mylearn-239626 systemd[1]: Started OpenBSD Secure Shell server.
root@mylearn-239626:/etc/ssh#

 

일반 사용자로 로그인 후에 Root 사용자로 변경하기

stzuser@mylearn-239626:~$ su -		# su : switch user
Password:                        	# root의 패스워드를 입력
root@mylearn-239626:~#

stzuser@mylearn-239626:~$ whoami
stzuser
stzuser@mylearn-239626:~$ su -
Password:					# root 패스워드 입력
root@mylearn-239626:~# whoami
root
root@mylearn-239626:~#