...
Code Block | ||
---|---|---|
| ||
# Members of the staff group may gain root privileges %staff ALL=(ALL) ALL |
Naming Convention
You may want to understand the naming convention used here if you want to build your own. Otherwise, the examples are self-explanatory and have not encountered any issues.
Create Catch-All serveradmin user
...
Code Block | ||
---|---|---|
| ||
sudo useradd -d /home/bhitchbrian.hitch -m -g staff -u 2000 -c "Support Bryan Hitch" -s /bin/bash bhitchbrian.hitch sudo useradd -d /home/jcassadayjohn.cassaday -m -g staff -u 2001 -c "Support John Cassaday" -s /bin/bash jcassadayjohn.cassaday sudo useradd -d /home/welliswarren.ellis -m -g staff -u 2002 -c "Support Warren Ellis" -s /bin/bash welliswarren.ellis |
Notice the -u which set's the user's GUIDs. We found it essential to standardize on the GUID of the accounts across all our systems consistently. Not doing so causes problems when it comes to cloning systems or moving programs across different environments. As a practice, we use the following GUID's ranges,
...
Code Block | ||
---|---|---|
| ||
sudo usermod -a -G adm bhitchbrian.hitch sudo usermod -a -G adm jcassadayjohn.cassaday sudo usermod -a -G adm welliswarren.ellis |
Note |
---|
When adding an existing user to an existing group the user must log out and log back in for changes to take effect. |
...
Code Block | ||
---|---|---|
| ||
sudo passwd bhitchbrian.hitch Enter new Unix password: Reenter new Unix password: passwd: password updated successfully sudo passwd jcassadayjohn.cassaday sudo passwd welliswarren.ellis |
Warning |
---|
At this point it is important to log out and log in with your staff account to continue any new work. This will allow for a proper audit trail of the system from this point forward. |
...