Question
One-Click Install Apps: create a new user to avoid using roote user
- Posted on November 5, 2018
- Ubuntu 18.04DigitalOcean 1-Click Apps MarketplaceWordPress
Asked by marcelo2605
One of the secutity steps to protect Ubuntu instalattion is create a daily user with less privileges that administrative user (root user), as described in this tutorial.
This is necessary when I use One-Click Install Apps or it’s one of secutity task automatically runned when I install it (in my case, WordPress)?
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.
Hey friend!
That’s a great question. I’m afraid the answer won’t be as clear. First I’ll say that is not automatically done in the one-click images. Second, I’ll add that whether or not it’s necessary is up to you. The web server will run Wordpress through the privileged user “www-data” which does mean that a compromised Wordpress is not necessarily a compromised root user (I’ll side-step privilege escalation for this discussion as it gets further away from common, automated compromises).
Now, if you’re just managing a Wordpress site and the only reason you log in is to update packages (apt-get update && apt-get upgrade), you’re either going to use a sudo user or root, so most people honestly just stick with root and lock it down to SSH key only.
Since Wordpress isn’t running as root, and since you’re probably not doing much in the terminal, creating a second privileged user is probably not something that is worth your time to do (or would be of any real value in that case). That’s my two cents, and this is a topic in which someone will absolutely disagree with me (and they won’t be wrong for doing so).
Jarland
Thanks for the explanation @jarland!