hi, im new to Linux and currently running Ubuntu 20.04 LTS on a vps. Like to ask some question rgd the correct way to user management -

1) is it a good practice(security reason) to first create a (regular)user with sudo right and disable root login when system is first setup?

2) will that cause any issue in later days like in Windows some program will not run unless its run as Administrator?

3) will changing the name of the root account(root) be more safe? to prevent bruteforcing password with 'root'. but heard that is not a good idea as it will break something in the system

thank you,

My opinions: Unless you absolutely need it do not allow root login. There are only a couple of esoteric times you need it. If you run into one of those do what you have to do and then immediately disable it. Yes, immediately after installation give your primary user sudo privileges. Make sure that user has a strong password. 99.999% of programs that need administrator privileges will run with sudo and should be run with sudo and not with root. If root doesn't have a password it can't be brute forced, right?

Hi and welcome.

1) Maybe. You'll get different opinions from different users. It is the "standard" way for Ubuntu, so maybe sticking with this until you get more experienced is a good idea.

2) No it won't, that's what sudo is for.

3) You'll need to choose a secure password. For your sudo user as well - sudo gives them the ability to harm your system. When I'm concerned about brute force attempts at passwords, I use a long passphrase (with spelling mistakes, alternate words in different languages etc).

hi guys, thanks for the suggestion. i think i will go ahead and create a new user and disable the root. beside more secure, could learn something new.

but before i jump into it, would like to confirm this 2 points -

1) the vps is already setup with vpn, nginx and letsencrypt cert. doing this now wont break anything right?

2) forget to mention - i will be using ssh key authentication to login using Putty - will set it up after all is set and done. so all ok with disabling the root? scare that i might get lockout if do something wrong

p/s - according to this webpage, we hvto create '.ssl' for each user else they would not be able to login(if password login is disabled). can anyone confirms that? - https://unix.stackexchange.com/quest...ed-with-a-user

cheers,

YES!
No. Most Linux systems expect it to be that way anyhow.

Changing the name of root? NO!!!
Don't do that. Instead disable remote root login completely (ssh).

hi guys, reporting back - hv setup another vps for this test as dont want to risk doing something wrong on the running server. hv successfully done all the listed things above - create user, add sudo, disable root, add ssh keys. thank you

cheers,