Securing your user accounts

The combination of Linux, Apache, MySQL, and Python or PHP (LAMP) is one of the most common software stacks for web servers, even for high-end web applications. In this course, the experienced sysadmin David Clinton will teach you how to install and configure a LAMP stack on AWS EC2 and RDS, also discussing security issues and selecting the right instance type for your application.

This course will cover all the steps in the process, from creating an instance to building a website-hosting LAMP stack. You'll find everything you need to configure your web server using EC2 (Elastic Compute Cloud) and RDS (Amazon Relational Database Service) to power your MySQL instance.

Who should take this course

This is a beginner course that aims to introduce basic AWS concepts to anyone looking for a quick guide to building a web server in the AWS cloud. We'll take you through all the basic steps, from configuring your Linux installation to using Amazon RDS to take advantage of AWS scalability.

You should have some basic Linux knowledge. If you are new to Amazon Web Services, why not watch our AWS Basics course or some of the other introductory courses to the common AWS services, like Amazon RDS?

And feel free to test your knowledge on the basic topics covered in this course by taking a quiz.

If you have thoughts or suggestions for this course, please contact Cloud Academy at support@cloudacademy.com.


Hi, and welcome back to our course on building a LAMP server on EC2. In this class we'll begin discussing security and in particular how to secure user accounts.

If your setup is like mine, then you log in to your EC2 instance without any need for a password. It may have crossed your mind that that's a little odd: what's to stop anybody else from logging in to the same instance and corrupting or taking control of your data? The answer, as you might well know, is that when you were setting up your instance on the Amazon dashboard you created a key pair. You took the public key and copied it to the computer from which you're accessing your instance, and when you issued the SSH command to log in to this instance, you also directed the SSH facility to the location of the public key. When Ubuntu on EC2 got the login request from your computer, it looked at the public key, recognized you as a friendly and reliable source, and let you in.

That's fine. It's not perfect (when it comes to networked computers there's no such thing as perfect security), but it's good enough for our purposes. Now, however, you're probably going to take this instance and interface with other computers on the internet, and somewhere along the line you're bound to come across a hacker who's got nefarious goals.

He's going to want to get into your system, take over your user account, and use your computing resources for his own good.

What's to stop him? If you don't have any passwords associated with your user account (the account you started with, if you're starting off like me, is ubuntu), then there's nothing stopping the ubuntu user from performing any function he likes on this computer. Well, if there's nothing stopping him, and there's no password by which I'm forced to prove that I am who I claim to be, then anybody could take over this account with a minimal amount of effort and do whatever he likes with it. It's therefore very, very important that you give ubuntu a password or, even better, that you create a new user account with some different name, or multiple user accounts if you have colleagues who are accessing this instance along with you, and assign each of them proper, strong passwords. It's the responsibility of the administrator, and that's you, to properly secure the accounts that you're going to be using.

Now just a little bit of background. For our purposes, Ubuntu has two different types of accounts. There's the regular user account, which can do anything with any data in its own user directories and has complete control over them. However, there's nothing much that this user can do on the system itself. The second type of user is the administrative user.

Using sudo, that is, if he prefixes any command with the word sudo (S-U-D-O), he will be able to edit any file on the system, perform or initiate any function in the system, and be in complete control. Naturally, on a normal system, every time a user invokes sudo followed by a command he will be asked for his password, and then he'll be allowed in. Let's create a new user: let's type sudo adduser and, say, Mike.

Now you'll notice we weren't asked for a password, because I'm still using the original passwordless ubuntu user, something we're going to change now. First, though, we'll create a password for Mike.

We'll type it in again to make sure it actually works. We'll have the option of typing in full names and locations and phone numbers for Mike. We don't really care right now, especially since Mike doesn't even exist, so we'll finish the process. Mike is now a fully qualified user on the system, but he's not an administrative user.

How do we give him administration rights? By editing the group file. Actually, there are a number of ways you could do this; I prefer to edit the group file. So let's type sudo, because again we have to be an administrator to do this, then nano, which is the text manipulation program, and we'll point it to the group file in the /etc (the etcetera) directory. This is a list of all the groups that are registered on the system right now. We'll scroll down until we get to the sudo group, which is here, and move to the end of that line. Ubuntu is actually already a member of the sudo group; that's the user we're using right now. We'll add a comma, we will not put a space after the comma, and we'll immediately write in Mike. So Mike has now been added to the sudo group. Hit Ctrl+X and then Y to save this, and the group file has now been changed. Let's experiment to make sure this actually works: let's su, which means switch user, to Mike.

Now we have to put in Mike's new password, and we are now Mike. Let's see if Mike can edit the group file using his sudo power. So we type sudo nano /etc/group, enter.

Enter Mike's new password and we're in. We are able to edit system files which means Mike now has the power of administration.

If, by the way, you're not as friendly with Mike as you once were and you want to get rid of him, well, you wouldn't be able to do that as Mike. Rather, exit the shell that you were operating in under Mike's account so you're back in the ubuntu account, and type sudo deluser, which stands for delete user, and Mike. Again, if this were a normal account with a password, then ubuntu would be asked for his password before being allowed to perform this function, and once we'd hit enter we'd remove Mike. Mike would be gone from the system, but we're not going to do that right now.

How would you add a password for ubuntu? You don't have to create a new user using adduser. You just want to add a password so that every time ubuntu wants to access the sudo administrative function he'll first have to enter this password.

That is done using the command passwd: not password but, for some reason, passwd, without the O-R. You type passwd, you hit enter, and you're asked to enter a new password. Then you'll be asked to confirm it a second time, and from that point on ubuntu will have his own password also.

In this class we learned how to add users, how to add passwords to user accounts, and how to add a user to the sudo group through the /etc/group file, to ensure as much as possible that your user and only your user will have access to the administrative functions that make this instance work. We hope to see you again next time.
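
The check below is an added example, not part of the course: it reads a group file and a shadow file and reports, for each member of the sudo group, whether the account has a password set, and it flags a member name written with a space after the comma. The file contents and the accounts dana and lee are constructed sample data.

```shell
#!/bin/sh
# Added example. All account data below is constructed, not from a real host.

# audit_sudo GROUP_FILE SHADOW_FILE
# Prints "<user> <state>" for every member of the sudo group:
#   set       - a password hash is present
#   locked    - field starts with ! or *, so no password can match
#   empty     - the password field is empty
#   missing   - no shadow entry exists for that name
#   malformed - the member name in the group file contains a space
audit_sudo() {
    awk -F: '
        NR == FNR {                       # first file: shadow-format entries
            if ($2 == "")           state[$1] = "empty"
            else if ($2 ~ /^[!*]/)  state[$1] = "locked"
            else                    state[$1] = "set"
            next
        }
        $1 == "sudo" {                    # second file: group-format entries
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) {
                name = m[i]
                if (name == "") continue
                if (index(name, " ") > 0) {
                    gsub(/ /, "", name)
                    print name, "malformed"
                } else if (name in state) {
                    print name, state[name]
                } else {
                    print name, "missing"
                }
            }
        }' "$2" "$1"
}

sample_dir=$(mktemp -d)
cat > "$sample_dir/group" <<'EOF'
adm:x:4:syslog,ubuntu
sudo:x:27:ubuntu,mike, dana,lee
EOF
cat > "$sample_dir/shadow" <<'EOF'
ubuntu:!:19000:0:99999:7:::
mike:$6$constructedsalt$constructedhash:19000:0:99999:7:::
dana:$6$constructedsalt$constructedhash:19000:0:99999:7:::
lee::19000:0:99999:7:::
EOF

audit_sudo "$sample_dir/group" "$sample_dir/shadow"
```

On a real instance, run audit_sudo as root against /etc/group and /etc/shadow. sudo also skips the password prompt for any account covered by a NOPASSWD rule in /etc/sudoers or /etc/sudoers.d, which this check does not read.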

About the Author
David Clinton
Linux SysAdmin

David taught high school for twenty years, worked as a Linux system administrator for five years, and has been writing since he could hold a crayon between his fingers. His childhood bedroom wall has since been repainted.

Having worked directly with all kinds of technology, David derives great pleasure from completing projects that draw on as many tools from his toolkit as possible.

Besides being a Linux system administrator with a strong focus on virtualization and security tools, David writes technical documentation and user guides, and creates technology training videos.

His favorite technology tool is the one that should be just about ready for release tomorrow. Or Thursday.