Limited User Login
Introduction
The Limited User Login feature allows you to provision an instance with a limited non-root sudo user named linuxuser instead of the root user. This feature is available for both VPS and Bare Metal instances with the Linux operating system.
Using a non-root sudo user is a security measure that adheres to the principle of least privilege. When you're logged in as the root user, you have unrestricted control over the system, which can lead to accidental or intentional system damage.
By using a non-root user with sudo privileges, everyday tasks are performed with restricted access, reducing the risk of unintentional errors causing system-wide issues.
Supported Operating Systems
The following is an exhaustive list of supported operating systems:
- AlmaLinux
- Alpine Linux
- Arch Linux
- CentOS
- Debian
- Fedora
- Rocky Linux
- Ubuntu
Deploy Instances with Limited User Login
Navigate to the customer portal.
Choose the Compute menu item on the Products page.
Click the Deploy button.
Select the server type, size & location.
Select any supported operating system as the server image.
Under Additional Features, select the Enable Limited User Login feature.
Optional: Select or add a new SSH key.
Optional: Set the server hostname and label.
Click the Deploy button.
Once the instance is ready, you can find the credentials on the instance page. You can log in as linuxuser using SSH with the generated password or SSH key selected during the deployment.
With the Limited User Login feature enabled, the root user is locked and can only be accessed using sudo.
$ sudo -i
Ensure that you access the root user only when required. Processes running as the root user can be exploited for privilege escalation.
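To confirm the root lock on a deployed instance, the following added example (not part of the original documentation) classifies the /etc/shadow entries for root and linuxuser. The function names and sample entries are constructed for illustration, and it assumes a locked account shows a password field beginning with ! or *.

```shell
#!/bin/sh
# Added example: classify the password field of one /etc/shadow entry.
# Prints one of: locked | empty | password
shadow_state() {
    # $1 = full shadow line, e.g. "root:!:19700:0:99999:7:::"
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$field" in
        '')        echo empty ;;     # no password required: worst case
        '!'*|'*'*) echo locked ;;    # passwd -l prefix or never-set marker
        *)         echo password ;;  # a usable hash is present
    esac
}

# Read shadow-format lines on stdin and report on root and linuxuser.
# Returns 0 only if root is locked and linuxuser exists with a
# non-empty password field (a hash, or locked for key-only logins).
audit_limited_login() {
    root_state=missing
    user_state=missing
    while IFS= read -r line; do
        case "$line" in
            root:*)      root_state=$(shadow_state "$line") ;;
            linuxuser:*) user_state=$(shadow_state "$line") ;;
        esac
    done
    echo "root=$root_state linuxuser=$user_state"
    [ "$root_state" = locked ] && [ "$user_state" != missing ] &&
        [ "$user_state" != empty ]
}

# Constructed sample entries (hashes are placeholders, not real values).
SAMPLE_OK='root:!:19700:0:99999:7:::
linuxuser:$6$CONSTRUCTED$placeholderhash:19700:0:99999:7:::'
SAMPLE_BAD='root:$6$CONSTRUCTED$placeholderhash:19700:0:99999:7:::
linuxuser::19700:0:99999:7:::'

# On a live instance: sudo cat /etc/shadow | audit_limited_login
```

This checks the password lock only; it does not inspect SSH keys or sshd settings.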
Frequently Asked Questions
Can I log into root user using SSH?
No, you will not be able to log into the root user using SSH if you deploy an instance with Limited User Login.
Can I enable this feature when deploying via API?
Yes, you can set the value of user_scheme attribute to limited while sending a request to create a new VPS or Bare Metal instance.
Can I choose my own username?
By default, a new user named linuxuser will be created when deploying an instance with Limited User Login.
Can I change the password?
Yes, you can change the password using the passwd command.
What are some other security measures I should implement?
You can implement other security measures like:
- Enforcing password rotation
- Disabling password authentication
- Setting up firewall rules
Refer to the Security Best Practices for Vultr Instances document to learn more.