DAGA

Digital Agency Growth Academy

AI operator training, hosted products, and community

CoursesPricingCommunityJoinSign In
Courses/F1 Claude Code for Agency Owners/Secure and set up the server
TextPreview access

Create a non-root user

Use Claude Code on the VPS to create a non-root user with sudo privileges and SSH key access.

Time 15 minModule Secure and set up the serverCourse progress 0%

Lesson outcome

You will have a named user account on the VPS that can run administrative commands with sudo, and you will log in as this user instead of root.

Why this matters in an agency

Running everything as root is like running your business from the admin account of every tool you use. One wrong command can damage the entire system with no safety net. A non-root user with sudo privileges gives you the same power when you need it but adds a layer of confirmation. You type sudo before dangerous commands, which creates a moment of intentionality. For a server that matters to your business, that pause is worth having.

Inputs, tools, and prerequisites

SSH access to your VPS as root. Claude Code running on the VPS.

Step-by-step walkthrough

SSH in and start Claude Code

```
ssh vps
claude
```

You are on the VPS with Claude Code running as root.

Ask Claude Code to create the user

```
Create a new user on this server called "operator" with sudo privileges. Set up SSH key access for this user using the same SSH key I use for root. I want to be able to SSH in as "operator" instead of root.
```

Claude Code will propose a series of commands. Review them as they come:

  1. Create the useradduser operator or useradd with appropriate flags. Claude Code will either set a password or skip it (since you will use SSH keys).
  2. Add to sudo groupusermod -aG sudo operator grants the user administrative privileges.
  3. Copy SSH key — Claude Code will copy the authorized_keys file from root's .ssh directory to the new user's .ssh directory and set the correct permissions.

Allow each step after reading what it does. Claude Code is doing standard Linux administration work — work that a sysadmin would do manually, but you are delegating it.

Test the new user

Exit Claude Code and exit the SSH session. Now connect as the new user. First, add the new user to your SSH config. On your local machine, ask Claude Code (or edit manually):

```
Update my SSH config so "ssh vps" connects as the "operator" user instead of root. Keep the same IP and key.
```

Claude Code will edit ~/.ssh/config to change User root to User operator.

Now test:

```
ssh vps
```

You should be logged in as operator. The prompt will show operator@agency-vps instead of root@agency-vps. Verify you have sudo access:

```
sudo whoami
```

It may ask for the operator user's password (if one was set) or it may work immediately (if passwordless sudo was configured). The output should be root, confirming that operator can run commands as root when needed.

Why not just stay as root?

Root has unrestricted access to everything on the server. Every command runs without confirmation. If you accidentally run rm -rf / as root, the server is destroyed. As operator, that same command would fail unless you explicitly prepend sudo — and even then, most destructive mistakes are caught before they execute. The sudo layer is a seatbelt, not a limitation.

Failure modes and verification checks

The main failure is forgetting to copy the SSH key to the new user. If ssh vps asks for a password after switching to the operator user, the key was not copied correctly. SSH back in as root (temporarily change the config back or use ssh root@your-ip) and fix the key setup.

Verification: ssh vps logs you in as operator with no password. sudo whoami returns root.

Implementation checklist

  • SSH into the VPS as root and start Claude Code.
  • Ask Claude Code to create an "operator" user with sudo.
  • Verify SSH key access is set up for the new user.
  • Update SSH config to use the new user.
  • Test login as the new user.
  • Verify sudo access works.

Immediate next action

Move to the next lesson to configure the firewall and update system packages.

Exercise

While logged in as operator, start Claude Code and ask:

```
What is the difference between running a command as "operator" versus running it with "sudo"? Give me a specific example of a command that would fail without sudo and succeed with it.
```

Read the explanation. Then try it yourself: run the example without sudo (it should fail or be denied), then with sudo (it should succeed). This proves the security model works — your normal user is restricted, and sudo is the explicit key that unlocks administrative power.