Hello everyone,
I want to set up a new Linux server and I don’t know what settings I need to configure for the root and the user.
That means, when setting up the operating system, I want to know if I should lock or leave the root user open and if I should create an admin-user. Can I directly create a user without a password and start working? However, this user would not be in the sudoers file and would not have permissions for necessary files or be able to use sudo.
Should I maybe change the /etc/sudoers file or is there a better way?
Every running process has an associated account, group, and SELinux context. These determine what the process is allowed to do.
There is always an account ‘root’ and it can do almost anything. In the old days all service processes ran as root, which was bad for security. That is why as many services as possible now have their own account.
The AlmaLinux installer allows one to set a password for the account ‘root’. There is also an option to allow connecting to the machine as the root account, with that password. It is not recommended to allow the latter, but to use “ssh keypairs” for authentication.
The installer also allows the addition of regular user accounts. These will be members of the group ‘wheel’. Members of wheel can use sudo without limitations. A regular account can log in remotely over SSH with a password. Furthermore, when using sudo the password of the account is used. Therefore, it is important to set a good password for these user accounts.
After installation one can add accounts that are not members of wheel, i.e. cannot sudo, and one can remove the option to ssh with a password.
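
A way to check the three points from the answer above (root login over SSH, SSH password login, wheel membership), added here as an example and not part of either post. It runs on constructed sample files; `sshd_value`, `group_members` and `audit` are hypothetical helper names, and it assumes whitespace-separated `sshd_config` lines and no `Include` files.

```shell
#!/bin/sh
# Added example: audits constructed sample files, not the live system.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT

# First value set for an sshd keyword (sshd keeps the first value it reads;
# keywords are case-insensitive). Stops at the first Match block, because
# settings after it are conditional. Prints "unset" if the keyword is absent.
sshd_value() {  # $1 = keyword, $2 = config file
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }' "$2"
}

# Supplementary members of a group in a group(5)-format file, one per line.
group_members() {  # $1 = group, $2 = group file
    awk -F: -v g="$1" '$1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$2"
}

audit() {  # $1 = sshd config, $2 = group file; last output line is findings=N
    n=0
    v=$(sshd_value PermitRootLogin "$1")
    case "$v" in
        no|prohibit-password|without-password|forced-commands-only) ;;
        *) echo "FINDING: PermitRootLogin is '$v', root password login not ruled out"; n=$((n + 1)) ;;
    esac
    v=$(sshd_value PasswordAuthentication "$1")
    [ "$v" = "no" ] || { echo "FINDING: PasswordAuthentication is '$v', not explicitly disabled"; n=$((n + 1)); }
    for u in $(group_members wheel "$2"); do
        echo "INFO: $u is in wheel and can sudo with their own password"
    done
    echo "findings=$n"
}

# Constructed sample inputs.
printf '%s\n' '# constructed: permissive settings' \
    'PermitRootLogin yes' 'PasswordAuthentication yes' > "$tmp/weak.conf"
printf '%s\n' '# constructed: key-only login' \
    'PermitRootLogin prohibit-password' 'PasswordAuthentication no' > "$tmp/hardened.conf"
printf '%s\n' 'root:x:0:' 'wheel:x:10:alice' 'users:x:100:alice,bob' > "$tmp/group"

audit "$tmp/weak.conf" "$tmp/group"
audit "$tmp/hardened.conf" "$tmp/group"
```

On a real host, `sshd -T` (run as root) prints the effective configuration and is the authoritative source for these values.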