Create a Non-Root User and Grant Sudo Access
Running as root permanently is a common habit when first receiving a VPS, but it's also one of the first things you should fix. As root, a single mistyped command, malicious script, or software vulnerability can grant immediate and total access to your entire system, with no safeguards whatsoever.
This is the principle of least privilege: give each user only the permissions they actually need, nothing more.
1. Create the New User
sudo adduser john
adduser guides you through the creation step by step (password, optional information) and automatically configures
several elements. It's a more user-friendly command than useradd, which is more basic and requires more manual setup.
Choose a strong password for this new user. This account will have sudo access, so it deserves serious protection.
2. Add the User to the Sudo Group
sudo usermod -aG sudo john
On Debian/Ubuntu, the relevant group is sudo. Other distributions like CentOS/RHEL use wheel instead, but for a
typical Debian/Ubuntu VPS, sudo is what you need.
Never disable root access until you've confirmed that the new user actually has sudo privileges. The same risk applies here as with a misconfigured firewall: you could end up locked out of your server.
3. Test Before Closing Anything
Open a new SSH session (keeping your current root session open as a safety precaution) and log in with the new user:
ssh john@your-ip
Then test a command with sudo:
sudo apt update
If the password is requested and the command executes, permissions are correctly configured.
If you get a message like "john is not in the sudoers file. This incident will be reported.", either step 2 was skipped or you haven't opened a new SSH session since the user was added to the sudo group. Reconnect and try again.
Occasional Sudo vs. Root Session
Two common ways to use sudo:
# For a single command
sudo apt install nginx
# Launch a temporary root session
sudo -i
# or
sudo su
In daily use, prefer occasional sudo over extended root sessions. This minimizes the risk of error and maintains an audit trail of every command run with elevated privileges.
Going Further: Restricted Sudo Privileges
You can limit a user's sudo permissions to specific commands only via the sudoers file (sudo visudo). This is useful,
for example, when delegating limited access like restarting a specific service, without granting full system access.
This is a more advanced topic that could be covered in a dedicated article.
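As an added example (not part of the original article), here is one way to delegate a single service restart through a drop-in file under /etc/sudoers.d, validated with visudo before it is installed. The user deploy, the service nginx, the /usr/bin/systemctl path and the drop-in file name are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: let one account restart one service, nothing else.
# Assumptions (not from the article): hypothetical user "deploy", service
# "nginx", systemctl at /usr/bin/systemctl, drop-in name 90-<user>-<service>.
# The account must NOT be in the sudo group, or the group's full-access rule
# still applies on top of this one.
LC_ALL=C; export LC_ALL   # keep the [a-z] ranges below ASCII-only

# Print a sudoers rule allowing USER to restart exactly one systemd unit.
# Names are restricted so that no space, comma, wildcard or keyword such as
# ALL can widen the rule. Dots are rejected too, because sudo ignores files
# in /etc/sudoers.d whose names contain a dot.
render_rule() {
    user=$1 service=$2
    case $user in
        ''|*[!a-z0-9_-]*) echo "invalid user: $user" >&2; return 1 ;;
    esac
    case $service in
        ''|*[!A-Za-z0-9_@-]*) echo "invalid service: $service" >&2; return 1 ;;
    esac
    printf '%s ALL=(root) /usr/bin/systemctl restart %s.service\n' \
        "$user" "$service"
}

# Write the rule to a temp file, syntax-check it with visudo, and only then
# install it root-owned with mode 0440. A rule that fails the check never
# reaches /etc/sudoers.d, so a typo cannot break sudo for everyone.
install_rule() {
    user=$1 service=$2
    tmp=$(mktemp) || return 1
    if render_rule "$user" "$service" > "$tmp" &&
       visudo -cf "$tmp" >/dev/null; then
        install -o root -g root -m 0440 "$tmp" \
            "/etc/sudoers.d/90-$user-$service"
        status=$?
    else
        status=1
    fi
    rm -f "$tmp"
    return "$status"
}

# Usage (as root):  install_rule deploy nginx
# Then, as deploy:  sudo -l   # lists the single permitted command
```

Keep a root session open while installing the rule, for the same reason as in step 3.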
A common mistake is creating the user without adding them to the sudo group, then getting stuck when you actually need it. If in doubt, groups john lets you verify that sudo appears in the list.
Next Recommended Step
Once your new user is operational, it's recommended to disable direct root SSH login (PermitRootLogin in SSH
configuration). Details on this procedure are covered in our dedicated article on SSH Configuration.
Summary
Creating a non-root user with sudo access is one of the very first actions to take when receiving a VPS. To continue securing your server, consult Secure a VPS.