Everybody has heard, and seems no one argues, with the suggestion that logging in with a the root account be avoided. Here it is, at the start of the instructions for building a LAMP stack on Ubunutu 14.04: * Prerequisite: Before you begin with this guide, you should have a separate, non-root user account set up on your server. *
I am not persuaded. When I am the only one with the root password, there is not any good reason not use it basically all the time. Some situations require restricted permissions, such as the accounts with ftp access to web directories. But when I login to do stuff, I think typing sudo all the time is a hassle. It becomes such a habit, it doesn’t stop me from doing anything by accident. An expert told me that the name of the root account is known and therefore subject to brute force attacks to get in with its password. How is that risk mitigated by me not using the root account? If the root account is disabled from login with a password, requiring ssh keys to login, then what is the problem?
I would be glad to be corrected. Looking forward to responses.
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.