Adding New User and Apache User Settings

dreamcompute

#1

Hello! DreamCompute newbie here :slight_smile:

I recently launched a Debian 8 instance where I want to setup a web server. So far everything works fine, and I wanted to add my own user. I proceeded with:

adduser my-user
adduser my-user sudo

It seems to work, but when I ssh my-user@IP it asks for my password. Same when I use sudo. Why is that so? Shouldn’t it go directly, since it is ssh? Two main questions then:

[list=1]
[]How can I configure my user to ssh without password, just like the default user (debian)?
[
]Is there anything else I need to configure to have my user work properly like the default one?
[/list]

Another user related question: since I installed apache under root user shell, my /var/www/ and all subdirectories went under root:root ownership. Can I just chown them to www-data:www-data? Is it good practice? I guess it would make it work (currently I can’t even write a file with PHP, for example) however it would mean my new user would not be able to write there too. Well, I could add my new user to www-data group then and make the directory writable to group. But again: I’m not sure if this is good practice. So, to be more direct:

[list=1]
[]Should I use www-data:www-data ownership for my web files?
[
]How can I make my own user able to write on my web folder without making it less secure?
[/list]

Thank you in advance any comments and suggestions!


#2

Welcome!

If you haven’t added your own public ssh key to the new my-user then you can’t login with ssh. DreamCompute servers are not different than any other servers: ssh works the same all over. You should have a file called authorized_keys in /home/my-user/.ssh/. Check how that file looks like in /home/debian/.ssh/.

Have fun, let us know how things go :slight_smile:


#3

Of course…sorry that was obvious but didn’t occurred to me. All working now.

Thank you for the reference links and other advices. Specially about Apache needing only to read the files – makes sense.

I’m loving the flexibility that DreamCompute allows us to achieve. Although I admit that this is also precisely what always leaves me with a constant insecurity of “am I doing this correctly? Is this enough to work properly?”. Maybe in the future there could be an image for a default and minimal web server, from which we can launch an instance and customize thereon.

I’ve been a DreamHost VPS user for a long time, but honestly I feel it is becoming very restrictive for the direction my work is heading to (i.e. needing latest software and running custom programs for the websites). So if I can manage to make this work, I’m totally moving everything to DreamCompute. Also the bigger performance for the same price is very inviting.

Next step is to make sendmail able to work properly. I’m almost there. Researching!

Thank you very much for your support and advice. Best wishes and may 2017 be a wonderful year with peace, health and success. And a lot of cloud computing :slight_smile:


#4

We discussed this option and frankly it’s quite hard to balance managed services with unmanaged ones. Each customer has their own needs and every server becomes very quickly a snowflake whose configuration cannot be managed safely by DreamHost anymore. This is one of the reasons why root access was removed from DH managed VPS: users with root access would try to modify pieces of the systems that were also managed remotely by DreamHost configuration management, leaving behind unhappy customers.

The approach for the time being is to provide a managed VPS product (DreamHost VPS), a managed WordPress (DreamPress) and totally unmanaged servers (DreamCompute). There may be new managed products coming in the future but no plans have been announced yet. To bridge the gap between managed and unmanaged we have partnered with Serverpilot.io and Canonical.

Serverpilot.io, a lightweight management system that provides automated updates, firewall, reporting, and monitoring for virtual servers running PHP applications. They have a free tier and they offered DreamHost customers a $10 credit to try it.

Similarly, Ubuntu Advantage offers a subscription to Landscape management tool for servers and could be an option to evaluate.

More on this thread, including lots of links to documentation https://discussion.dreamhost.com/thread-147414.html


#5

Thank you for the in-depth reply. Interesting thread to read. Starts with the same comment I made. But yes, I understand these difficulties in balancing, and even releasing a starting image and keep unmanaged could be not so efficient considering the multitude of needs, as you mentioned.

After these last days using, configuring, and playing with my instante I’d say the big thing to invest is not in pre-made images nor intermediate products but documentation indeed. Although as you also mentioned before it is just a computer and everything documented anywhere is valid for DreamCompute as well. And I know you’re working on this.

Now speaking of my particular case, I’m not coming back to VPS. These steps I’m taking to learn about server configuration and security are a must anyway, and the flexibility I get is…no words to describe. Configuring my own deployment, installing my Perl modules, latest software, etc.

One last question: how are the plans for a mail server going? This is apparently the only thing I’ll miss after leaving VPS. Bigger projects/clients prefer to use Google Apps anyway, but the small projects requiring mail only always used DreamHost mail servers and it has always been a success.

I’ll maybe try some other services like Zoho, but certainly having a mail only service from DreamHost (which I trust) at a reasonable price would make me happier.


#6

Glad to read you’re enjoying the freedom. I would suggest you to invest in learning about Ansible to manage configuration of your servers. Especially if you have multiple small customers, you can keep they server’s configuration always in git, as a simple yaml file, and replicate similar installations with copy-paste basically. We wrote a bunch of tutorials for you to get started https://help.dreamhost.com/hc/en-us/search?utf8=✓&query=ansible :slight_smile:

I am not sure what the plans are to productize email. I’ll definitely bring your suggestion to the product owner.


#7

I will learn about Ansible.

Thank you very much!