Why create an unprivileged user
First, let's be clear about the difference between a privileged and an unprivileged user. The first, usually known as root, can read, write, create, and modify any file on the system without restriction. The second can also read, write, create, and modify files, but with restrictions. Without special access rights and the corresponding password, this user can't harm the system in any way.
The reason is best explained with an example. When you deploy a web server, for example Nginx, it runs under a special user, www. This user's actions and movements are limited to the site's directories.
If this user is compromised, the attacker will not be able, for example, to gain access to the databases, which are usually managed by another user.
How to create and configure an unprivileged user
Next, I'll show you how to create a user on Linux servers. There's little difference between creating such a user on Debian/Ubuntu and CentOS/RHEL. I'll explain all the details.
So, to create a user (with a home directory) and set a password, you can use the following command:
If you don't want the user to have their own home directory, simply remove the -m flag. You can also omit the password, but this will cause some difficulties when working with this user. Logging in as this user requires a password.
The -s flag lets you specify the default shell. I find that bash is much more convenient and easier to work with than sh.
We've added a standard user to the system; now we need to make them an administrator. This user is still not root, but they can change system settings and install the packages they need. To make a standard user an administrator, add them to a special group: sudo on Debian/Ubuntu, wheel on CentOS/RHEL.
The -a and -G flags add the user to the sudo group while keeping them in any other groups they were already a member of.
Finally, to log in as the new user, use this command:
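The steps above combined into one script, added here as an example; it is not the article's own command listing. The user name deploy, the file name add_admin.sh, the id -nG check and the APPLY dry-run switch are assumptions of the example. By default it only prints the commands; run it as root with APPLY=1 to execute them.

```shell
#!/bin/sh
# Added example. Dry run by default: prints the commands instead of running them.
# Usage (as root): APPLY=1 sh add_admin.sh deploy   ("deploy" is a placeholder name)

# Admin group for the distro, from the ID / ID_LIKE values in /etc/os-release.
admin_group() {
    case "$1" in
        *debian*|*ubuntu*) echo sudo ;;
        *rhel*|*centos*)   echo wheel ;;
        *) return 1 ;;
    esac
}

# Accept only conservative login names (lowercase letter or _ first).
valid_name() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
}

# Execute the command when APPLY=1, otherwise just print it.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

create_admin() {
    user=$1 distro=$2
    valid_name "$user" || { echo "invalid user name: $user" >&2; return 1; }
    group=$(admin_group "$distro") || { echo "unsupported distro: $distro" >&2; return 1; }
    run useradd -m -s /bin/bash "$user" &&   # -m: home directory, -s: login shell
    run passwd "$user" &&                    # prompts for the new password
    run usermod -aG "$group" "$user" &&      # -a keeps existing group memberships
    run id -nG "$user"                       # check: the admin group must be listed
}

# Read ID and ID_LIKE in a subshell so they do not leak into this script.
detect_distro() {
    ( . /etc/os-release 2>/dev/null && echo "${ID:-} ${ID_LIKE:-}" )
}

if [ $# -gt 0 ]; then
    create_admin "$1" "$(detect_distro)"
    # Afterwards, switch to the new account with: su - <name>
fi
```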
Since you're working with a Linux server, you might also be interested in learning how to completely stop using a password for logging into the server. To do this, you can create SSH keys and use them instead.