Improving Usability and Security on VPS with CyberPanel
Administering CyberPanel VPS with a regular user
Let's go
- Create common user on VPS (ribafs)
- Add it to sudo so it has some privileges
- Configure SSH so that it user can access the VPS through SSH
- Remove root access to VPS via SSH
This way we can execute some tasks/commands with elevated privileges using sudo,
Or directly access root, since he does not have access to SSH, but my user can allow him to connect, assume:
Most tasks can be done using
sudo command
su and Enter
Provide the root password
I will now remove the snapshot created and create a new one with the current state, to predict, as problems with the permissions and owners of the VPS files have happened to me several times.
Then I will implement these activities:
ssh -p 60022 root@IP
Create user (change it to yours)
adduser ribafs
Add to sudo
adduser ribafs sudo
Add to SSH
adduser ribafs sudo
Change SSH
nano /etc/ssh/sshd_config
Add these two lines to the end of the file
PermitRootLogin no
AllowUsers ribafs
Restart SSH
service ssh restart
See that we didn't change the port, we just added ribafs and removed root.
Exit the server with
exit
Connect with the new user
ssh -p 60022 ribafs@IP
Try running
sudo clear
Note that it asks for the user's password and will keep it in cache for a long time so that the next time it runs without asking for the password.
Now try using the administrative panel and creating a backup of a website for testing.
So far so good with me. But you know, in case of a problem, while we get used to CyberPanel, we can use Snapshot Rollback and, as a last resort, reinstall the VPS.
Bonus
Backup to desktop with common user
Allow regular user to backup all files from /home/backup to desktop
Connect to server
ssh -p 60022 ribafs@IP
su
adduser ribafs root
chmod -R 775 /home/backup
Create an alias on the desktop (make the necessary adaptations for yourself)
cd
nano .bashrc
alias backups="rsync -av --ignore-existing -e 'ssh -p 65522'
source .bashrc
When running, backups will bring all files from /home/backupup to the desktop, but only those that do not exist on the desktop
Create the script on the server
sudo nano /usr/local/bin/perms
#!/bin/sh
clear;
echo "";
chown -R ribafs:root /home/backup;
echo "";
echo "Done!";
sudo chmod +x /usr/local/bin/perms
Run with
su
perms
Now you can check /home/backup which has new permissions on all files and is ready to be downloaded to the desktop.
Both the backup and restore of sites continue to work, which tells us that our changes did not affect the CP.
Remember that always before running backups, you need to run perms on the server
Change CyberPanel URL to something like
https://painel.ribamar.net.br:8043/base/
Comments powered by CComment