linux user account question
I have a basic understanding of Linux, but remembered reading that to secure a machine, it is not best to have an account called "administrator" or "admin". Is this true?
Also, if I want to login and do administrative tasks, should I login to an administrator account, or a standard user account? I noticed with the admin. account, I would still have to enter my password, so does it really matter? And what exactly are the differences between the administrator and standard account type? |
Quote:
|
In Linux (most distros) there will be a root account, this is akin to a Windows administrator level account. This account has full access to all data on the system, can install applications, can delete boot files, it has a high level of trust. There is also the standard user account you log into to get to a desktop/terminal. When you are in a terminal the user starts off with (again normally) a $ and the root user gets to have the # as the prompt.
The best practices that I have been tought are: 1. Disallow the root user from having a graphical desktop login, this prevents getting in the habbit of running everything as root. 2. Use sudo to run commands as root when necessary. This requires you to have sudo setup ubuntu has by default, fedora if you install in the administrators/wheel group, Mint by default. Sudo can be configured to allow root access to some functions but not to others. 3. Use su -c 'command' when you have to, or when being extra careful about local security. This will require the root password not your account password. 4. Use su to enter the super user shell if you broke something really bad and need to fix it before you get fired, or you intend to kill the computer. TLDR: use a user account and elevate to root as necessary is the best for security. |
Haha! - I like the TLDR at the end! But I appreciate your response - and I did read it all!
How do I go about doing #1? I never heard of that. |
Most distros have that by default. For instance Ubuntu actually disables the entire root login by default. I mostly use Fedora or Mint and both of these root cannot log into a desktop without some special help. If you use a user account other than root for your normal tasks you are doing fine.
|
the "GUI boot as root " in most linux based Operating systems has been disabled
the main reason is that the software than manages the GUI is Xorg and Xorg is old and aging and is in NEED of being replaced it is NOT !!!! secure and should not be ran as "root" that will allow many many many AND AGAIN WAY TOO MANY security issues but not every linux distro dose block this Fedora BLOCKS IT!!! and has done so since fedora 12 - 4.5 years ago OpenSuse -- yes and no you can re enable it and use it ( it is your choice ) Ubuntu - DISABLED and might not even have a real root user RHEL/CentOS/SL -- ENABLED -- these users " ? should ?" already know the DANGER and act accordingly Slackware ? i do not know Arch - did but now i think it is blocked Kali 1.0.6 - there is ONLY a root account ( a very SPECIAL purpose OS and for mainly ONLY FOR ONE USE... ) |
Security is a relative thing. If you never attach to a network, and are the only one with physical access, it's all a bit moot. Unfortunately a lot of todays devices are always on and always connected.
|
Quote:
|
Quote:
Put a system you don't care about on the big nasty web (or forward port 22 to the system in your router), and watch /var/log/secure for all of the SSH hits. You'll see that 99% of the time these people/bots are trying to get in with user names like "admin", "oracle", etc. I'm not sure how effective these fishing attempts are in the big picture, but if they never worked, I doubt people would keep doing it. |
All times are GMT -5. The time now is 05:59 AM. |