For a safer experience, that five minutes would be better spent making a non-root user and locking down the root account.
You are viewing a single comment's thread from:
For a safer experience, that five minutes would be better spent making a non-root user and locking down the root account.
Maybe, but that's for a different tutorial. If your SSH private keys are secure, users are a waste of time and keystrokes and add layers of complications to otherwise simple tasks, especially for servers maintained by a single person. If you are trying to save a server from crashing in a downward spiral, seconds count.
If your only authentication method is via private keys, with a passphrase, restricted to certain IP addresses, on a non-default port, you won't have a problem administrating your server as root.
This is infinitely more secure than allowing the world access to SSH, and then hoping that if(when) they get user access, they are too dumb to load malware from bash or snoop for vulns.
To extrapolate my point, your comment suggests that to be secure, you'd also need to shut down your steemit user login (root) to protect your SBD or SP (root's money), and then create a sub user (not currently possible), because that's the only way to be safe.
Upvoted for the good info here, but this is not direction I was going in.
Too many parts of the system are easy to mess up as root, doing work as an unprivileged user and escalating when necessary gives you time to think about what you are about to do.
Personally, I treat sudo like a loaded gun, and I make damn sure i know what it's pointed at when I pull the trigger.
When logged in as root every command becomes a loaded gun.
EDIT: Also in a tailspin there is sudo su to save you extra keystrokes, but emergencies are the exception not the rule.
Ahhhh! Yes I can agree with you there. I wasn't even thinking about the Linux desktop users that might come across this post. On the other hand, killing a few desktops, laptops and servers is how I learned the most valuable lessons early on.
I suppose I was lucky to have learned from the start how to run as root (didn't know there was another way). At some point, the training wheels have to come off I guess, at least for those looking to advance their Linux skills to the next level. (Run it as root!)
As you mentioned, it's still good to have a working handle-brake though, and that was the purpose of this post :)
I'm going to keep your point in mind for any future Linux articles I post. I'll need to consider to remember the day-to-day user and hobbyist more carefully.