How to set up additional user for sudo access in Hipchat Server
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Purpose
There are situations where Hipchat Server admins wanted to grant sudo access to some users but prevent these users from using the default 'admin' ssh account. This article outlines the steps to set up additional user for sudo access in Hipchat Server.
Solution
Admin is advised to snapshot the server prior to making these changes as precautionary measure.
Setting up additional user for sudo access in Hipchat Server
- SSH into your server as 'admin'
Gain root access by running the following command:
sudo dont-blame-hipchat
- As the root user, run the
adduser
command to add new user e.g. user1 and fill out the password and other information when prompted. Once the user is added, edit the
/etc/ssh/sshd_config
file and add the user to ssh'sAllowUsers
parameter like the following:# Whitelist to HipChat admin DenyUsers root ubuntu hipchat AllowUsers admin user1
Save the file and restart SSH service so the changes take effect:
service ssh restart
Verify if the created account could successfully SSH into the server:
ssh user1@10.60.8.207 user1@10.60.8.207's password: The programs included with the Ubuntu system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Atlassian HipChat 2.1.0 (2016.11.29.092641) VirtualBox 08:00:27:eb:e0:ae Manage this instance at https://hanis206.hipch.at/
The one extra modification we have to add to Hipchat Server for all of this to work is to take the
/etc/ssh/sshd_config
file that has been modified and copy it to/home/admin/config/etc/ssh/
on the server.cp /etc/ssh/sshd_config /home/admin/config/etc/ssh/
The reason this has to be done is because Hipchat Server will invoke Chef run during reboots, upgrades, or any action that requires a configuration change on the server. The Chef run will replace many customizations made to system files such as
/etc/ssh/sshd_config
. Placing the modified sshd_config file into that/home/admin/config/etc/ssh
directory will prevent Chef from overwriting the changes. You will see that/home/admin/config/etc/
contains customizations for networking and other config files as well.Next, add the newly added SSH user to the adm group to gain root access:
As the 'admin', run the following:sudo dont-blame-hipchat usermod user1 -G adm
Then, get the newly added SSH user to verify if they can SSH into the server and gain root access:
ssh user1@10.60.8.207 user1@10.60.8.207's password: Atlassian HipChat 2.1.0 (2016.11.29.092641) VirtualBox 08:00:27:eb:e0:ae Manage this instance at https://hanis206.hipch.at/ user1@hanis206:~$ sudo su - root@hanis206:~#