Playing devil's advocate,
Let's assume I purchase a Linux server from a hosting provider. I am given a password for the root user and am told I may login using SSH. The only purpose this server has is to host one or more websites, possibly with SSL properly configured and enabled.
My initial login will be to install (via a well-reviewed and widely used package management system) and configure (by editing files in /etc) a web server, a database, some software that does not access the Internet, and a web-application server (PHP-FPM, Unicorn, that sort of thing). The package management was smart enough to set up unprivileged users to run the servers, a configuration I maintain. Next I put some website files (PHP, Ruby, Python, etc.) in /var/www, and chown all those files to be owned by the same unprivileged user that the web server process runs as (i.e. www-data).
In the future, only I will login, and only to update the web site files and to perform some read-only operations like reviewing logs.
In the scenario above, is there any security-related reason why I should create a non-root user account to use rather than the root user? After all, almost every command would be run with sudo had I logged in with a non-root user.
Please Note: I understand there are many universally compelling security and non-security reasons to use non-root user(s). I am not asking about the necessity for non-root user accounts. My question is strictly limited to the limited setup I describe above. I think this is relevant because even though my example is limited, it is very common.
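The ownership step the question describes (everything under the document root owned by the account the web server runs as), written out as an added shell example that is not part of the original question. It audits a web root for two things the asker's setup depends on: files not owned by the web user (for example files left root-owned after a copy done as root) and files writable by other users. The path and user are parameters; the defaults /var/www and www-data are the names used in the question, and the functions below are my own, not a tool the asker mentions.

```shell
#!/bin/sh
# Added example: audit and fix ownership/permissions of a web root.
# Assumes GNU or BSD find and chown; DOCROOT and OWNER are arguments.

# Number of entries under $1 not owned by user $2.
count_foreign_owner() {
    find "$1" ! -user "$2" | wc -l | tr -d ' '
}

# Number of entries under $1 that are writable by "other" (world-writable).
# World-writable files in a docroot let any local account alter served content.
count_world_writable() {
    find "$1" -perm -o+w | wc -l | tr -d ' '
}

# Exit 0 if the docroot $1 is entirely owned by $2 and has no
# world-writable entries, 1 otherwise.
webroot_ok() {
    [ "$(count_foreign_owner "$1" "$2")" = "0" ] &&
    [ "$(count_world_writable "$1")" = "0" ]
}

# Apply the question's step: chown everything to the web user, then remove
# the world-writable bit. Group is left alone so the function also works
# when run as that user itself (chown to your own uid is permitted).
harden_webroot() {
    chown -R "$2" "$1"
    chmod -R o-w "$1"
}

# Usage: ./audit_webroot.sh [DOCROOT] [OWNER]
# Runs the audit, fixes what it finds, and prints a summary. Guarded so the
# functions can also be sourced without touching the real /var/www.
if [ "${0##*/}" = "audit_webroot.sh" ]; then
    docroot=${1:-/var/www}
    owner=${2:-www-data}
    echo "foreign-owned entries: $(count_foreign_owner "$docroot" "$owner")"
    echo "world-writable entries: $(count_world_writable "$docroot")"
    harden_webroot "$docroot" "$owner"
    webroot_ok "$docroot" "$owner" && echo "OK: $docroot owned by $owner, nothing world-writable"
fi
```

The script checks the file side of the setup only; confirming that the server processes actually run as the unprivileged user is a separate check of the process table (for example ps -o user,comm) after the service has started.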