This page is specific to Ubuntu versions 8.04, 8.10, 9.04, 9.10, 10.04, 10.10 and 12.04

If you find this information applicable to additional versions/releases, please edit this page and modify this header to reflect that. Please also include any necessary modifications for this information to apply to the additional versions.


NOTE: Please use this page as a reference for other pages instead of simply copying the code.


Create admin account

By default in Ubuntu (server and chroot filesystems), the 'root' account is locked and users are advised to use 'sudo' to perform administrative tasks. This is a good idea.

This page is dedicated to creating an administrative user account in the LTSP client chroot environment.

To become root, the adminname user only needs to:

sudo -s -H
  • Create an adminname account inside the chroot:

    - NOTE: When you will execute the visudo step (see instructions below) add to end of /etc/sudoers file:

    • # Members of the sudo group may gain root privileges
      %sudo ALL=(ALL) ALL
    - Execute the following steps (at the visudo step, please add the text in the box above):
    sudo -s -H
    chroot /opt/ltsp/i386
    useradd -m adminname -G sudo
    passwd adminname
    visudo
    exit
    exit
  • Lastly, update the client image to reflect the changes we just made:
    sudo ltsp-update-image
  • Alternatively, if you have a 64-bit server and 32-bit thin clients, use this command instead, both this time and throughout the rest of this page.
    sudo ltsp-update-image --arch i386


How to 'lock' the account

sudo chroot /opt/ltsp/i386 passwd -l adminname
sudo ltsp-update-image


How to 'unlock' the account

sudo chroot /opt/ltsp/i386 passwd -u adminname
sudo ltsp-update-image


Additional security measure

Disable root login by editing sshd_config

sudo vi /opt/ltsp/i386/etc/ssh/sshd_config

Change PermitRootLogin to no:

PermitRootLogin no

Maybe add a security Banner

#Banner /etc/issue.net
Banner /etc/ssh/warning

Then create the warning file:

sudo vi /opt/ltsp/i386/etc/ssh/warning

Something like:

*** WARNING ***
THIS SYSTEM IS RESTRICTED TO AUTHORIZED USERS FOR AUTHORIZED USE ONLY.

Finally again

sudo ltsp-update-image


CategoryLtsp

UbuntuLTSP/CreateChrootAdminAcct (last edited 2012-05-13 15:25:58 by lucamanu)