LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 05-03-2014, 04:00 PM   #1
sniper8752
Member
 
Registered: Oct 2012
Posts: 342

Rep: Reputation: Disabled
linux user account question


I have a basic understanding of Linux, but remembered reading that to secure a machine, it is not best to have an account called "administrator" or "admin". Is this true?
Also, if I want to login and do administrative tasks, should I login to an administrator account, or a standard user account? I noticed with the admin. account, I would still have to enter my password, so does it really matter? And what exactly are the differences between the administrator and standard account type?
 
Old 05-03-2014, 04:30 PM   #2
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US, Earth, end border$! ◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on my cheapest; has been KDE or CLI but open... http://goo.gl/NqgqJx &c ;-)
Posts: 3,313
Blog Entries: 2

Rep: Reputation: 957Reputation: 957Reputation: 957Reputation: 957Reputation: 957Reputation: 957Reputation: 957Reputation: 957
Quote:
... Is this true? ...
I'm not sure but having usernames that may draw attention to attacks could be bad? Although there will for the most part always be root\administrator you should run as a non-admin then use sudo. http://www.sudo.ws/
 
Old 05-03-2014, 07:29 PM   #3
spazticclown
Member
 
Registered: Sep 2010
Distribution: Fedora, Android, CentOS
Posts: 91
Blog Entries: 2

Rep: Reputation: 21
In Linux (most distros) there will be a root account, this is akin to a Windows administrator level account. This account has full access to all data on the system, can install applications, can delete boot files, it has a high level of trust. There is also the standard user account you log into to get to a desktop/terminal. When you are in a terminal the user starts off with (again normally) a $ and the root user gets to have the # as the prompt.

The best practices that I have been tought are:
1. Disallow the root user from having a graphical desktop login, this prevents getting in the habbit of running everything as root.
2. Use sudo to run commands as root when necessary. This requires you to have sudo setup ubuntu has by default, fedora if you install in the administrators/wheel group, Mint by default. Sudo can be configured to allow root access to some functions but not to others.
3. Use su -c 'command' when you have to, or when being extra careful about local security. This will require the root password not your account password.
4. Use su to enter the super user shell if you broke something really bad and need to fix it before you get fired, or you intend to kill the computer.

TLDR: use a user account and elevate to root as necessary is the best for security.
 
Old 05-03-2014, 07:56 PM   #4
sniper8752
Member
 
Registered: Oct 2012
Posts: 342

Original Poster
Rep: Reputation: Disabled
Haha! - I like the TLDR at the end! But I appreciate your response - and I did read it all!
How do I go about doing #1? I never heard of that.
 
Old 05-05-2014, 12:02 PM   #5
spazticclown
Member
 
Registered: Sep 2010
Distribution: Fedora, Android, CentOS
Posts: 91
Blog Entries: 2

Rep: Reputation: 21
Most distros have that by default. For instance Ubuntu actually disables the entire root login by default. I mostly use Fedora or Mint and both of these root cannot log into a desktop without some special help. If you use a user account other than root for your normal tasks you are doing fine.
 
Old 05-05-2014, 03:11 PM   #6
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,020

Rep: Reputation: 2455Reputation: 2455Reputation: 2455Reputation: 2455Reputation: 2455Reputation: 2455Reputation: 2455Reputation: 2455Reputation: 2455Reputation: 2455Reputation: 2455
the "GUI boot as root " in most linux based Operating systems has been disabled
the main reason is that the software than manages the GUI is Xorg
and Xorg is old and aging and is in NEED of being replaced

it is NOT !!!! secure and should not be ran as "root"
that will allow many many many AND AGAIN WAY TOO MANY security issues

but
not every linux distro dose block this
Fedora BLOCKS IT!!! and has done so since fedora 12 - 4.5 years ago
OpenSuse -- yes and no you can re enable it and use it ( it is your choice )
Ubuntu - DISABLED and might not even have a real root user

RHEL/CentOS/SL -- ENABLED
-- these users " ? should ?" already know the DANGER and act accordingly

Slackware ? i do not know
Arch - did but now i think it is blocked
Kali 1.0.6 - there is ONLY a root account ( a very SPECIAL purpose OS and for mainly ONLY FOR ONE USE... )

Last edited by John VV; 05-05-2014 at 10:24 PM.
 
Old 05-05-2014, 10:03 PM   #7
Shadow_7
Senior Member
 
Registered: Feb 2003
Distribution: debian
Posts: 2,596
Blog Entries: 1

Rep: Reputation: 511Reputation: 511Reputation: 511Reputation: 511Reputation: 511Reputation: 511
Security is a relative thing. If you never attach to a network, and are the only one with physical access, it's all a bit moot. Unfortunately a lot of todays devices are always on and always connected.
 
Old 05-06-2014, 03:26 PM   #8
DJ Shaji
Member
 
Registered: Dec 2004
Location: Yo Momma's house
Distribution: Fedora Rawhide, ArchLinux
Posts: 513
Blog Entries: 15

Rep: Reputation: 106Reputation: 106
Quote:
Originally Posted by Shadow_7 View Post
Security is a relative thing. If you never attach to a network, and are the only one with physical access, it's all a bit moot. Unfortunately a lot of todays devices are always on and always connected.
even if you never connect to the internet running as root is bad practice. one (!) mistake and bam! all your data is gone and you wish you had made that backup that you never really got around to making
 
Old 05-06-2014, 05:34 PM   #9
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,396

Rep: Reputation: 2017Reputation: 2017Reputation: 2017Reputation: 2017Reputation: 2017Reputation: 2017Reputation: 2017Reputation: 2017Reputation: 2017Reputation: 2017Reputation: 2017
Quote:
Originally Posted by sniper8752 View Post
I have a basic understanding of Linux, but remembered reading that to secure a machine, it is not best to have an account called "administrator" or "admin". Is this true?
Yes

Put a system you don't care about on the big nasty web (or forward port 22 to the system in your router), and watch /var/log/secure for all of the SSH hits. You'll see that 99% of the time these people/bots are trying to get in with user names like "admin", "oracle", etc. I'm not sure how effective these fishing attempts are in the big picture, but if they never worked, I doubt people would keep doing it.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Converting Windows Administrator account to regular user... A Question. damgar General 2 06-08-2010 07:50 PM
A question about a new user account trist007 Linux - Newbie 3 12-14-2008 10:48 AM
is it legitimate and allowed and can be done to make another user account set uid and gid to null 0 to make another root account with different name and possibly not damage the debian system creating and using that new account BenJoBoy Linux - Newbie 12 01-29-2006 10:02 AM
User account question ! suakki Linux - Software 2 05-03-2004 05:56 PM
permissions question... can I make a directory writable from my user account hindenbergbaby Linux - Newbie 9 10-20-2003 04:42 PM


All times are GMT -5. The time now is 07:49 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration