Everybody has heard, and it seems no one argues with, the suggestion that logging in with the root account be avoided. Here it is, at the start of the instructions for building a LAMP stack on Ubuntu 14.04: *Prerequisite: Before you begin with this guide, you should have a separate, non-root user account set up on your server.*
I am not persuaded. When I am the only one with the root password, there is not any good reason not to use it basically all the time. Some situations require restricted permissions, such as the accounts with ftp access to web directories. But when I log in to do stuff, I think typing sudo all the time is a hassle. It becomes such a habit, it doesn’t stop me from doing anything by accident. An expert told me that the name of the root account is known and therefore subject to brute force attacks to get in with its password. How is that risk mitigated by me not using the root account? If the root account is disabled from login with a password, requiring ssh keys to log in, then what is the problem?
I would be glad to be corrected. Looking forward to responses.
This question was answered by @bunsemaster:
With application security vulnerabilities, there could be more ways to access or damage a computer than by knowing the username/password. When you install/run programs as root they will run with full root privileges. If there is a bug or security hole in the application, serious damage could be done.
For example, a program could have a bug that might accidentally erase the entire /usr directory if it runs as root. Or some programs might have vulnerabilities that would allow an attacker to run code on your system remotely without needing to know a password. If the program is running as root, then the attacker could have free rein to do anything from stealing information to compromising the kernel to formatting the disk. However, if the program were running with a restricted user account, then they couldn’t do nearly as much damage.
Using sudo appropriately is a security model that has been in place for a while because it works. Administrative tasks can be run with elevated privileges on an as-needed basis without as much worry about vulnerabilities. It can also be a bit of a safety net for moments of carelessness.
It’s been two years since posting this question and I know more now.
I totally understand why accounts assigned to applications should be as restricted as possible.
It is common practice to disable root login except from the system console.
Another common practice is to disallow root logins with passwords, so root passwords never are transmitted.
Where root logins are allowed, it is a good idea to limit the logins to specific IPs where the logins would be coming from.
I still hate typing sudo all the time and still do most of my work logged in as root. If I make a mistake, I have backups to fix it. I don’t see a realistic way for anyone to get the root password. Fail2ban protects from brute force attacks,
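An added example, not part of the thread above: a small Python audit of an `sshd_config` against the practices listed in the follow-up (no password-based root login, root login limited to specific addresses). The two sample configs, the address 203.0.113.10 and the function names are constructed for illustration, and Match handling is simplified to blocks whose criteria begin with `Address`.

```python
import re

# Constructed configs for illustration; 203.0.113.10 is a documentation address.
WEAK = "PermitRootLogin yes\nPasswordAuthentication yes\n"
HARDENED = """\
PasswordAuthentication no
PermitRootLogin no
# sshd keeps the first value it reads, so this later line has no effect
PermitRootLogin yes
Match Address 203.0.113.10
    PermitRootLogin prohibit-password
"""

def parse(text):
    """Return [(scope, options)]: the global section first, then each Match block."""
    scopes = [("global", {})]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            scopes.append((value, {}))
        else:
            scopes[-1][1].setdefault(key, value)  # first value wins
    return scopes

def root_login_findings(text):
    """List the ways root SSH login deviates from the practices in the post."""
    scopes = parse(text)
    global_opts = scopes[0][1]
    findings = []
    for scope, opts in scopes:
        root = opts.get("permitrootlogin")
        if root is None and scope == "global":
            findings.append("global: PermitRootLogin not set explicitly")
        if root in (None, "no"):
            continue
        # A Match block inherits PasswordAuthentication from the global section.
        password = opts.get("passwordauthentication",
                            global_opts.get("passwordauthentication", "yes"))
        if root == "yes" and password != "no":
            findings.append(f"{scope}: root can log in with a password")
        if not scope.lower().startswith("address "):
            findings.append(f"{scope}: root login not limited to specific addresses")
    return findings

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, root_login_findings(cfg) or "no findings")
```

On a live host, `sshd -T` prints the effective settings and is the authoritative check; this parser only reads the text it is given.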