Question
I do everything as root or create a User su and give permissions to it?
- Posted on August 17, 2015
- Linux CommandsConfiguration ManagementLinux Basics
Asked by herculesnetwork
I have a doubt that I carry with me to time … so I get my root login via email … I access my server via ssh, already come in as root, I know I create a user and privileges to him. or continue as root to go installing LAMP, wordpress etc … since I already have all privileges, because the need to create another User and privileges? I have problem with permissions do everything as root? because I have this habit, even in my linux person I already do a sudo su all made that run a terminal.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Want to learn more? Join the DigitalOcean Community!
Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.
Thanks repox! success for you.
This comment has been deleted
It could be a matter of personal preference, so that is also what this answer will be.
The following is considered being done with the root user till it’s stated otherwise.
I for one always secure my setup - to me this means that you authenticate with SSH keys to your server and not with password authentication.
Please read this great tutorial from the DigitalOcean tutorial archive on how to set it up correctly.
One thing not mentioned in that tutorial is how to disable root login via SSH. This is done to additionally secure your server setup. To do so, edit your
/etc/ssh/sshd_configconfig file:… and change the
PermitRootLoginsetting tono:When you’re done editing, press
CTRL+XandYto save your changes.Remember to restart the SSH daemon after you made the changes.
When I have a secure setup, I always add a new user and give this user sudo rights.
For starters, you issue the command (remember to replace
usernamewith whatever username you’d like):This will create a user with the username your provided as the second argument. Secondly, you need to give the user some sudo rights. I do this by adding the user to a sudoers.d file
Put in the following into that file:
When you’re done editing, press
CTRL+XandYto save your changes.Now, notice that the user has a
NOPASSWDsetting which allows the user to use sudo privileges without providing a password. This can be considered unsafe, but with the new secure SSH settings I believe that will suffice.Now, the sudoers file needs the right permissions:
Now you should switch to your new user and add your public SSH key to the users authorized_keys file. To switch to that user, use the
sucommand:Now you’re working as the new user. The new user doesn’t have any local SSH settings, which means we need to create the
~/.ssh/authorized_keysfile manually. Create the directory first:Now, create and edit the
authorized_keysfile and paste in your public keyWhen you’re done editing, press
CTRL+XandYto save your changes.Now you should be able to connect from your local machine with your private key to the new user.
From here you can do sudo installs from your new user.
This is my preferred method of doing it.