loading...
DeSpider

Why Not to Use Root User?

sadiqur_rahman profile image Sadiqur Rahman Updated on ・1 min read

We all know that it is a bad practice to use root user. But not everyone of us may know the exact reasons. So here are some reasons to remember;

🔐 Security: All the hackers know that there is a root account and they would target the root account to breach in. To be safe and secure, root account should have logins disabled.

📳 Applications' Vulnerability: When an application is served using the root account, in case of vulnerability, hacker can execute code remotely and gain access. Also your application can erase important files or directories mistakenly.

🙊 Mistakes: Just like you and me, everyone else can make mistake. While rushing, one can run a command and find himself like "Holy Root! What have I done!". However, typing in "sudo ..." and password would give someone enough time to think twice.

👉👈 Accountability and Responsibility: To have a clear accountability and responsibility map, users should always use different user accounts based on their roles. This way, we would know who did what and who is responsible for what.

⭐ Solution ⭐: "Least Privilege Principle" is a very good rule of thumb. Give users the least privilege to accomplish a task. This way you are not discriminating your colleagues nor are you having less trust in them. You are in fact making everyone safe, including your colleagues from unintentional mistakes, your users from being compromised and your organization from a humiliation.
Thank you for reading 🙂 Stay safe and healthy 👋

Posted on Jun 25 by:

Discussion

markdown guide
 

Hard disagree. sudo isn't a proper security mechanism.

 

That's not the point here ^^
If you have some privileges for a good reason (let's say you are netw admin or whatever), and you need to use them use sudo instead of being always root.
This way it limits error that you can do while being root.
It's a very simple limitation of course, it's just a bit better ^^ It can't protect you from yourself :p