Add User in Ubuntu Touch Linux howto
It became necessary to add a specific user account for the site backup system here at ElectricBrain. There has never been multi-user support in Ubuntu Touch. Nevertheless the functions are available from the commandline - albeit nobody remembers how to use them - hence this page.
The present use case is for the site-wide BackupPC system to be able to login as a user, but not the "phablet" builtin user as that is deemed to be to insecure. The BackupPC user then has sudo permission to operate the builtin rsync (which is part of the Ubuntu Touch distribution - which is super cool!!) to get all the permission and user/group metadata as well as the files themselves.
The new user created by this procedure will only have commandline access. The phone's screen won't have any idea of the existence of such a user. Ultimately an SSH login will allow a remote user (BackupPC in this instance) to execute commands. Furthermore, security will prevent the phones's linux user from being able to SSH anywhere else.
The following shows a session where the backuppc user was added. Prior to starting ensure the environment is writable (see SDCard howto - and be careful while in this mode as it's easy to damage stuff. Relock ASAP when finished).
phablet@ubuntu-phablet:~$ sudo touch /var/lib/extrausers/subgid
phablet@ubuntu-phablet:~$ sudo touch /var/lib/extrausers/subuid
phablet@ubuntu-phablet:~$ sudo addgroup --extrausers --gid 32010 backuppc
Adding group `backuppc' (GID 32010) ...
ENTER EXTRAUSERS_GROUP_FILEEXIT EXTRAUSERS_GROUP_FILEENTER EXTRAUSERS_SHADOWGROUP_FILEEXIT EXTRAUSERS_SHADOWGROUP_FILEDone.
phablet@ubuntu-phablet:~$ sudo adduser --extrausers --uid 32010 --gid 32010 backuppc
Adding user `backuppc' ...
Adding new user `backuppc' (32010) with group `backuppc' ...
Creating home directory `/home/backuppc' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for backuppc
Enter the new value, or press ENTER for the default
Full Name : BackupPC
Room Number :
Work Phone :
Home Phone :
Is the information correct? [Y/n]
Once the user has been created it's then possible to add an ssh key and login. In this case the BackupPC system is able to login and use sudo to run rsync for backups. Essentially "Cloud" backups without compromising privacy.
Adding the sudoers file to allow backuppc to do its thing
sudo visudo -f /etc/sudoers.d/backuppc
Then enter the following text
# BackupPC sudo authority to run rsync for user phablet
User_Alias BACKUPPC_USR = backuppc
Runas_Alias BACKUPPC_RUNAS = #0
Cmnd_Alias BACKUPPC_CMDS = /usr/bin/rsync
BACKUPPC_USR ALL=(BACKUPPC_RUNAS) NOPASSWD: BACKUPPC_CMDS
Then save and close the file.
Don't forget to lock the system up again as per the instructions on the SDCard howto page.