Two User Accounts Or One

Post by hunkirdowne » 2010-01-24 20:05

Should I create a second user account for daily activities? That is, I have a root (superuser) account but log in with the user account I created during the installation process into a graphical environment (at the moment, KDE). Is this initial user account sufficiently secured for daily usage or should I create a second user account for myself?

Somewhere in the dark recesses of my memory I recall being instructed by some installation program to create an "ordinary" user account when the installation was completed. I guess the thinking here was that I would have (besides root) an "admin" user account and a more limited "user" account. Maybe I blew by it during the last install but I do not recall seeing this type of message when I recently installed 5.0.3 fresh.

Being that I have to enter Administrator Mode to add a printer, I'm thinking that the non-root user account I created is sufficiently secured for daily use. But I wanted to hear that from a more up-to-date Debian user as I have been messing around with Debian-based distros for a couple of years and just now getting back to 'source' (a breath of fresh air, btw).
hunkirdowne
 
Posts: 11
Joined: 2009-11-09 00:29

Re: Two User Accounts Or One

Post by milomak » 2010-01-24 20:10

one should suffice. if you are security conscious you could always look at ways of restricting the user created during the install process.
iMac Late-2015 27" 5K Retina - MacOS and Windows 10 (Bootcamp)/ Debian Sid (External SSD)
Laptop (64-bit) - Debian Sid, Win10,
Kodi Box - Debian Sid
milomak
 
Posts: 1808
Joined: 2009-06-09 22:20

Re: Two User Accounts Or One

Post by smallchange » 2010-01-24 22:49

I suspect you are remembering an earlier installer that left you with only a root account and recommended adding a standard user. One is enough. Another account is only another way someone might break in.
smallchange
 
Posts: 1740
Joined: 2009-05-04 15:56

Single or multiple person household?

Post by Ahtiga Saraz » 2010-01-25 03:08

For a home Linux system used by one person, the root user and one ordinary user is all you need for most purposes.

There's probably no harm in creating a second "ordinary user", Joe, just for the fun of seeing how many ways there are to do this, from stark shell commands to graphical "user administration" interfaces. Just give Joe a strong password. Next, you can practice deleting Joe--- just make sure you don't delete your original "ordinary user" by mistake.

If other family members use the computer, it would actually be a very good idea to create user accounts for each of them. Just make sure they all choose strong passwords. An application I find very useful for choosing memorable but reasonably strong passwords is available as a "deb" called "apg". If you have any trouble figuring out how to install it, ask again.

Here's a fun and useful thing you can try: in a shell (you can use the K menu to call Konsole, if you use KDE), type
Code:
su
cd /usr/local/bin

(You'll need to supply the password of your root user.) Then use an editor such as vim to create a file called genword:
Code:
#!/bin/sh
# Generates 10 letter pronounceable strings
# syntax genword n
# "$1" is quoted so the count is passed to apg as a single argument
apg -M L -n "$1" -m 10

Then in the shell type a command which makes this file readable and executable by your ordinary user (and Joe, if he still exists):
Code:
chmod 755 genword

Now as your ordinary user (or Joe, or any other user on your system), you should be able to run, in any shell
Code:
genword 5

That file is called a "bash script", by the way. It's a fun unix-friendly way to create little programs which do useful things.

Next, see if you can use KUser to create a group called "staff" and add your ordinary user to it. Then, as your root user again, you can change the permissions of the script so that only members of the admin group can use this script. Joe, if he still exists, won't be able to run it. (One tricky point: you will probably have to log out and log back in--- simplest just to reboot--- in order for your ordinary user to acquire the privileges of belonging to the group "staff".)

In the example script, it makes sense to let everyone use this script, but someday you might write a more sensitive script and then it might be handy to only allow some users to run it. This kind of group permission thing can be handy for parents: you can have an "adult" group, so that either parent can run an administrative utility without acquiring full root privileges.

Of course, anyone who knows the root password can always su to root and do anything. One reason why it might be inadvisable to do that very often yourself is that it is all too easy to forget that, in some konsole session, you are functioning as the root user. Linux will protect itself against a non-root user doing many foolish things, but there is no protection at all if the root user makes a goof. Thus, many people prefer to use sudo as far as possible if they want to be able to run just one command as root and then immediately return to being their ordinary user. That requires monkeying with the sudoers file. An easier way is
Code:
su -c "ps -ef"

which will run just the one command "ps -ef" with root privileges and then immediately drop the root privileges.
Ahtiga Saraz

The people standing against the tyrants! Audacity, more audacity, always audacity!
Ahtiga Saraz
 
Posts: 1015
Joined: 2009-06-15 01:19
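
The group-restricted script described in the post above, as an added example that is not part of the original post: one function applies the ownership and mode, the other audits the result. The function names and the group name `scriptusers` are assumptions made for the example; a new name is used because Debian already ships a `staff` group whose members may write under /usr/local.

```shell
#!/bin/sh
# Added example, not from the thread. As root, the setup on Debian would be:
#   addgroup scriptusers          # hypothetical group name
#   adduser alice scriptusers     # "alice" is a placeholder user
#   restrict_to_group /usr/local/bin/genword scriptusers
# Group membership is picked up at the user's next login.

# restrict_to_group FILE GROUP
# Hand FILE to GROUP (name or numeric GID) and set mode 750:
# owner rwx, group r-x, everyone else nothing.
restrict_to_group() {
    chgrp -- "$2" "$1" && chmod 750 -- "$1"
}

# audit_group_only FILE GROUP
# Returns 0 only if FILE belongs to GROUP, grants "other" no access at all,
# and is not group-writable (members may run the script, not rewrite it).
# Returns 1 on a failed check, 2 if FILE cannot be inspected.
audit_group_only() {
    info=$(stat -c '%a %g %G' -- "$1") || return 2
    # Split "mode gid groupname" into $3 $4 $5 (GNU stat output).
    set -- "$1" "$2" $info
    mode=$3
    gid=$4
    gname=$5
    rc=0
    [ "$2" = "$gname" ] || [ "$2" = "$gid" ] || {
        echo "FAIL: $1 belongs to group $gname, expected $2"
        rc=1
    }
    # A leading 0 makes the shell read the mode as octal.
    [ $((0$mode & 07)) -eq 0 ] || {
        echo "FAIL: $1 has mode $mode, users outside the group can access it"
        rc=1
    }
    [ $((0$mode & 020)) -eq 0 ] || {
        echo "FAIL: $1 has mode $mode, group members can modify it"
        rc=1
    }
    return $rc
}
```

With the 755 mode from the earlier chmod step, `audit_group_only` reports a failure because every user can still read and run the file.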

Re: Two User Accounts Or One

Post by hunkirdowne » 2010-01-31 15:33

A solid week without Internet access -- broadband gateway gave up the ghost!

Thanks for all the replies. Good bash script stuff.

Right now this is just a single home-user machine so the root and user accounts will suffice. If I add family members I'll give each of the older members an account of their own and younger ones (who cannot remember passwords and thus need help from older members) get a single shared account.

Interestingly enough my wife doesn't see the need for a root account on her computer but didn't mind me setting one up with a password that I know -- but she doesn't. Can't recall the number of times she's been "stuck" and I've had to rescue her with my password. Still she doesn't want to know it and is willing to wait on me getting home from work before getting "unstuck". Don't fear the machine! ;-)
hunkirdowne
 
Posts: 11
Joined: 2009-11-09 00:29

Re: Two User Accounts Or One

Post by drl » 2010-02-01 23:58

Hi.

I usually do two things along this line. First I add one additional account to make sure my programs ("codes") do not rely on anything specific in my account.

During installation I add the smallest filesystem that I can make. I can then test my codes to make sure they operate sanely when they run into a partition full situation ... cheers, drl
"Sure, I can help you with that." -- USBank voice recognition system.
( Mn, 2.6.x, AMD-64 3000+, ASUS A8V Deluxe, 3 GB, SATA + IDE, NV34 )
Debian Wiki | Packages | Backports | Netinstall
drl
 
Posts: 434
Joined: 2006-09-20 02:27
Location: Saint Paul, Minnesota, USA

