Sorry if the phrasing in the title is confusing, it’s worded the best way I could given my limited knowledge of running a server. I’ve setup my server and added a few small websites to learn more about servers. I did everything under the root username and everything works fine. It’s my understanding that I should be using a non root user, and there are many great guides on here for setting that up. My question is after following one of those, would any processes or things be running in root that should not be running in root? I’m essentially only running fail2ban, nginx and the firewall just blocking all ports except what is required.
If all is fine, I’ll just go follow one of the tutorials to setup a sudo user and add SSH keys to that account (different from root user would be best practice I’m guessing) and follow whatever other recommendations are suggested in the official guide for this distro.
I’m just wondering if there is a security or other best practice downside to having done everything starting out in root, or if it’s fine and I should consider myself lucky I didn’t accidentally delete the server or mess something up badly etc! Obviously in the future, I’ll pay more attention to best practices when setting up the server.
Oh and just a quick edit. I’m only hosting fully static websites with HTML/JS/CSS so no php/databases are installed and will never be on this droplet.
Thanks in advance for the guidance!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.