notes

linux_permissions.md (2114B)


# Linux Permissions

### Question: What happens if I am on a server and then I ssh into this server again?

Nothing special or dangerous happens by itself; you just get another shell on
the same machine.

You now have two nested sessions:

- outer: your original SSH (or local) shell

- inner: the SSH session created from the server to itself.

Processes in the inner session are separate from the outer one, with their own
TTY, environment, history, etc.

### Question: How to create a user on an Arch Linux server without sudo privilege but make it a member of the docker group?

The commands below are run as root. The new account gets no sudo rights, but
membership in the `docker` group is effectively root-equivalent on the host,
because group members can control the Docker daemon.

#### Create the New User

`useradd -m -G docker -s /bin/bash newusername`

#### Set a Password

`passwd newusername`

#### Verify Group Membership

```bash
id newusername
# Expected: uid=1001(newusername) gid=1001(newusername) groups=1001(newusername),999(docker)
```

#### Generate the Key Pair

```bash
mkdir -p -m 700 /home/newusername/.ssh   # ssh-keygen -f fails if the directory is missing
ssh-keygen -t ed25519 -C "newusername@yourserver" -f /home/newusername/.ssh/id_ed25519 -N ""
```

#### Set Up authorized_keys

```bash
cat /home/newusername/.ssh/id_ed25519.pub >> /home/newusername/.ssh/authorized_keys
```

#### Fix Permissions

SSH is strict about permissions; it will silently refuse to use keys with wrong
ownership or modes:

```bash
chown -R newusername:newusername /home/newusername/.ssh
chmod 700 /home/newusername/.ssh
chmod 600 /home/newusername/.ssh/authorized_keys
chmod 600 /home/newusername/.ssh/id_ed25519
```

#### Share the Private Key

Copy the private key (`/home/newusername/.ssh/id_ed25519`) to the machine that
will log in, over a secure channel. From there, connect with:

```bash
ssh -i ~/.ssh/id_ed25519 newusername@your_server_ip
```

#### Setup Authorized Keys

Confirm authorized_keys matches that key. The commands below use an account
named `deploy` whose key pair is named `ed25519`; adjust both to your setup:

```bash
sudo -u deploy cat /home/deploy/.ssh/ed25519.pub
sudo -u deploy cat /home/deploy/.ssh/authorized_keys
```

Ensure authorized_keys contains the same line as ed25519.pub. If it doesn’t,
append it:

```bash
sudo -u deploy sh -c 'cat ~/.ssh/ed25519.pub >> ~/.ssh/authorized_keys'
chmod 600 /home/deploy/.ssh/authorized_keys
```

#### Test SSH Access

```bash
ssh -i /path/to/private_key -p SSH_PORT SSH_USER@SSH_HOST
```
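
#### Check the Result

An added check script (not part of the original notes) that verifies what the Fix Permissions and authorized_keys steps are meant to produce: the 700/600 modes used above, and that the public key's blob is present in authorized_keys. The function names `expect_mode` and `check_ssh_dir` are hypothetical, and GNU `stat` (Linux) is assumed.

```bash
#!/bin/sh
# Added example: audit an account's .ssh directory against the modes used on this page.
# check_ssh_dir DIR PUBKEY_FILE -> prints each problem, returns 0 only if clean.

# Report a missing path or a mode that differs from the expected one.
expect_mode() {
    local path="$1" want="$2" have
    if [ ! -e "$path" ]; then
        echo "$path: missing"; return 1
    fi
    have=$(stat -c '%a' "$path")    # GNU stat; prints the octal mode, e.g. 700
    if [ "$have" != "$want" ]; then
        echo "$path: mode $have, expected $want"; return 1
    fi
}

check_ssh_dir() {
    local dir="$1" pub="$2" rc=0 blob
    expect_mode "$dir" 700 || rc=1
    expect_mode "$dir/authorized_keys" 600 || rc=1
    expect_mode "${pub%.pub}" 600 || rc=1    # private key sits next to the .pub
    # Compare on the base64 key blob (field 2) so the trailing comment and any
    # options prefix in authorized_keys do not affect the match.
    blob=$(awk 'NR==1 {print $2}' "$pub" 2>/dev/null)
    if [ -z "$blob" ]; then
        echo "$pub: unreadable or empty"; rc=1
    elif ! grep -qF -- "$blob" "$dir/authorized_keys" 2>/dev/null; then
        echo "$dir/authorized_keys: does not contain the key from $pub"; rc=1
    fi
    return $rc
}

# Stand-alone use:
#   sh check_ssh_dir.sh /home/newusername/.ssh /home/newusername/.ssh/id_ed25519.pub
if [ $# -eq 2 ]; then
    check_ssh_dir "$1" "$2"
fi
```

Run it as root or as the account owner, since the files are not readable by other users once the modes are correct.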