How to Add a Non-Root Sudo User on Debian

A field-tested, step-by-step guide covering prerequisites, the actual commands, and verification.

Logging in as root is a habit that ages badly. Even when you are the only operator, putting a non-root account between you and the system makes audit logs honest and stops a slip of the finger from wiping /etc. This guide creates an operator account on Debian, grants it sudo, and locks the system down so root cannot SSH in directly.

Prerequisites

  • A fresh Debian 12 server where you only have root credentials.
  • An SSH public key (Ed25519) on your workstation.
  • A second SSH session held open so you do not lock yourself out.

Step 1: Create the user

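# Run as root. A fresh Debian install may not have sudo yet (Step 2 installs it).
adduser ops
# Set a strong password. Even though you will log in with SSH keys, this
# password is what sudo asks for later.

adduser (as opposed to useradd) is the Debian-friendly wrapper that also creates the home directory and sets the login shell.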

Step 2: Grant sudo

# Still as root: sudo cannot be used to install itself.
apt install -y sudo
usermod -aG sudo ops
id ops

The id output should now include sudo in the group list.

For passwordless sudo (only on hosts where you control physical access), drop a file in /etc/sudoers.d/:

echo 'ops ALL=(ALL) NOPASSWD:ALL' | sudo tee /etc/sudoers.d/90-ops
sudo chmod 0440 /etc/sudoers.d/90-ops
sudo visudo -c            # syntax check; do not skip

For more typical setups, keep sudo password-required and rotate that password quarterly.

Step 3: Push your SSH key

From your workstation:

ssh-copy-id ops@debian-host.example.sa

Test login without typing a password:

ssh -o PasswordAuthentication=no ops@debian-host.example.sa whoami
# Expected: ops

Step 4: Disable root SSH and password auth

/etc/ssh/sshd_config.d/99-skyline.conf:

PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes

Validate the configuration, then reload:

sudo sshd -t && sudo systemctl reload ssh

Never skip sshd -t — a syntax error on reload locks out new logins.
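
sshd keeps the first value it reads for each keyword, and Debian's sshd_config includes /etc/ssh/sshd_config.d/*.conf in sorted order, so a drop-in that sorts before 99-skyline.conf can silently override Step 4. The following check of the effective settings printed by sshd -T is an added example, not part of the original guide; the function name check_sshd_effective and the sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide). check_sshd_effective is a
# hypothetical helper name; the sample outputs below are constructed.

# Reads `sshd -T` style output on stdin and compares the three Step 4
# keywords with the values this guide sets. Prints one FAIL line per
# mismatch and returns non-zero if anything is off.
check_sshd_effective() {
    awk '
        BEGIN {
            bad = 0
            want["permitrootlogin"]        = "no"
            want["passwordauthentication"] = "no"
            want["pubkeyauthentication"]   = "yes"
        }
        { key = tolower($1) }
        key in want {
            seen[key] = 1
            if (tolower($2) != want[key]) {
                printf "FAIL %s is %s, want %s\n", key, $2, want[key]
                bad = 1
            }
        }
        END {
            for (k in want)
                if (!(k in seen)) {
                    printf "FAIL %s not reported\n", k
                    bad = 1
                }
            exit bad
        }
    '
}

# Constructed: what `sshd -T` reports when Step 4 took effect.
SAMPLE_OK='port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no'

# Constructed: an earlier-sorted drop-in already set
# PasswordAuthentication yes, so the value in the 99- file was ignored.
SAMPLE_OVERRIDDEN='port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication yes'

printf '%s\n' "$SAMPLE_OK" | check_sshd_effective && echo "sample 1: matches Step 4"
printf '%s\n' "$SAMPLE_OVERRIDDEN" | check_sshd_effective || echo "sample 2: does not match Step 4"
```

On the server, feed it the real effective configuration with sudo sshd -T | check_sshd_effective, from the second SSH session you kept open.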

Step 5: Confirm sudo works for the operator

In the operator's session:

sudo -v
sudo whoami        # root
sudo -l            # list allowed commands

Verify

last -i | head     # who logged in recently
sudo grep -E 'COMMAND' /var/log/auth.log | tail   # recent sudo commands (file is written by rsyslog)
getent passwd ops  # account info

Conclusion

A non-root operator with sudo, key-based SSH, and root-login disabled is the minimum bar for any internet-facing Debian host. Two minutes of work, ten years of cleaner audit logs.

SKYLINE Engineering

@skyline

The engineering team at SKYLINE Industrial Solutions. We publish field-tested guides drawn from real KSA and GCC deployments.
