Troubleshooting & How-Tos 📡 🔍 Linux

Minimal User Setup for Debian Cloud

Debian offers cloud images that you can plug into a hosting provider and run instead of spending time going through the installer. Most of them assume you’re going to use the host’s system to set up the your login credentials.

There’s also a “nocloud” image intended to run on a local setup, so you can toss a qcow2 image onto Qemu (directly or with or your favorite GUI wrapper like UTM or Boxes). It ships with a passwordless root user to get you started quickly.

You don’t want to keep running it as root. Especially without a password!

So here’s a set of quick steps to set up a regular user for admin and put a password on root. (Why am I writing this down? Because I always forget which Linux distributions use useradd and which use adduser.)

Optional: Set a Hostname

Debian 11 ships with the name set to “debian,” but it’s not set in the hosts file. Sudo will complain that it can’t find this “debian” machine when you run it, though it will run.

So if you’re setting up a new oldoldstable for some reason, you probably want to start by setting a hostname and adding it to /etc/hosts (on the same line as localhost).

hostname HOSTNAME
nano /etc/hostname
nano /etc/hosts

You can of course use vi instead, or install another text editor like emacs using apt, assuming the image connected to the network.

Debian 12 doesn’t set a hostname in the cloud images, so it doesn’t have this problem, though of course you’ll probably want to set one anyway if you plan on keeping the machine around!

Set Up The User

Next, create the user, add them to the sudoers group, and set their password.

useradd -m -s /bin/bash USERNAME
usermod -aG sudo        USERNAME
passwd                  USERNAME

Some notes on the options used here:

  • You can of course choose a different shell than bash here.
  • useradd -m will also create the home directory.
  • usermod -aG will add a group to the user’s list of groups, rather than moving them entirely.
  • Debian pre-configures a “sudo” group and gives its members permission to run sudo with their own password, which is exactly what I want here.

Other distros vary in whether they set up a group and what they call it (ex. Red Hat/Fedora call it “wheel”), or whether you need to set up access manually using visudo or putting something in /etc/sudoers.d

Now you can set a password for root.

passwd

Congratulations! You should be able to log out of root now, log in with your regular user, and use sudo when needed.

Bonus: Lock Out Root

Once you’ve logged in with your regular user and verified that it can sudo, lock the root account so no one can log into it in the first place. It’ll still be there running things behind the scenes, but it won’t be open.

sudo passwd -l root