Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Two User Accounts Or One

New to Debian (Or Linux in general)? Ask your questions here!
Post Reply
Message
Author
hunkirdowne
Posts: 11
Joined: 2009-11-09 00:29

Two User Accounts Or One

#1 Post by hunkirdowne »

Should I create a second user account for daily activities? That is, I have a root (superuser) account but log in with the user account I created during the installation process into a graphical environment (at the moment, KDE). Is this initial user account sufficiently secured for daily usage or should I create a second user account for myself?

Somewhere in the dark recesses of my memory I recall being instructed by some installation program to create an "ordinary" user account when the installation was completed. I guess the thinking here was that I would have (besides root) an "admin" user account and a more limited "user" account. Maybe I blew by it during the last install but I do not recall seeing this type message when I recently installed 5.0.3 fresh.

Being that I have to enter Administrator Mode to add a printer, I'm thinking that the non-root user account I created is sufficiently secured for daily use. But I wanted to hear that from a more up-to-date Debian user as I have been messing around with Debian-based distros for a couple of years and just now getting back to 'source' (a breath of fresh air, btw).

milomak
Posts: 2158
Joined: 2009-06-09 22:20
Been thanked: 1 time

Re: Two User Accounts Or One

#2 Post by milomak »

one should suffice. if you are security conscious you could always look at ways of restricting the user created during the install process.
Desktop: A320M-A PRO MAX, AMD Ryzen 5 3600, GALAX GeForce RTX™ 2060 Super EX (1-Click OC) - Sid, Win10, Arch Linux, Gentoo, Solus
Laptop: hp 250 G8 i3 11th Gen - Sid
Kodi: AMD Athlon 5150 APU w/Radeon HD 8400 - Sid

smallchange
Posts: 1740
Joined: 2009-05-04 15:56
Been thanked: 1 time

Re: Two User Accounts Or One

#3 Post by smallchange »

I suspect you are remembering an earlier installer that left you with only a root account and recommended adding a standard user. One is enough. Another account is only another way someone might break in.

Ahtiga Saraz
Posts: 1014
Joined: 2009-06-15 01:19

Single or multiple person household?

#4 Post by Ahtiga Saraz »

For a home linux system used by one person, the root user and one ordinary user is all you need for most purposes.

There's probably no harm in creating a second "ordinary user", Joe, just for the fun of seeing how many ways there are to do this, from stark shell commands to graphical "user administration" interfaces. Just give Joe a strong password. Next, you can practice deleting Joe--- just make sure you don't delete your original "ordinary user" by mistake.

If other family members use the computer, it would actually be a very good idea to create user accounts for each of them. Just make sure they all choose strong passwords. An application I find very useful for choosing memorable but reasonably strong passwords is available as a "deb" called "apg". If you have any trouble figuring out how to install it, ask again.

Here's a fun and useful thing you can try: in a shell (you can use the K menu call Konsole, if you use KDE), type

Code: Select all

su
cd /usr/local/bin
(You'll need to supply the password of your root user.) Then use an editor such as vim to create a file called genword:

Code: Select all

#!/bin/sh
# Generates 10 letter pronounceable strings
# syntax genword n
apg -M L -n $1 -m 10
Then in the shell type a command which makes this file readable and executable by your ordinary user (and Joe, if he still exists):

Code: Select all

chmod 755 genword
Now as your ordinary user (or Joe, or any other user on your system), you should be able to run, in any shell

Code: Select all

genword 5
That file is called a "bash script", by the way. It's a fun unix-friendly way to create little programs which do useful things.

Next, see if you can use KUser to create a group called "staff" and add your ordinary user to it. Then, as your root user again, you can change the permissions of the script so that only members of the admin group can use this script. Joe, if he still exists, won't be able to run it. (One tricky point: you will probably have to log out and log back in--- simplest just to reboot--- in order for your ordinary user to acquire the privileges of belonging to the group "staff".)

In the example script, it makes sense to let everyone use this script, but someday you might write a more sensitive script and then it might be handy to only allow some users to run it. This kind of group permission thing can be handy for parents: you can have an "adult" group, so that either parent can run an administrative utility without acquiring full root privileges.

Of course, anyone who knows the root password can always su to root and do anything. One reason why it might be inadvisable to do that very often yourself is that it is all too easy to forget that, in some konsole session, you are functioning as the root user. Linux will protect itself against non root user doing many foolish things, but there is no protection at all if the root user makes a good. Thus, many people prefer to use sudo as far as possible if they want to be able to run just one command as root and then immediately return to being their ordinary user. That requires monkeying with the sudoers file. An easier way is

Code: Select all

su -c "ps -ef"
which will run just the one command "ps -ef" with root privileges and then immediately drop the root privileges.
Ahtiga Saraz

Le peuple debout contre les tyrans! De l'audace, encore de l'audace, toujours l'audace!

hunkirdowne
Posts: 11
Joined: 2009-11-09 00:29

Re: Two User Accounts Or One

#5 Post by hunkirdowne »

A solid week without Internet access -- broadband gateway gave up the ghost!

Thanks for all the replies. Good bash script stuff.

Right now this is just a single home-user machine so the root and user accounts will suffice. If I add family members I give each of the older members an account of their own and younger ones (who cannot remember passwords and thus need help from older members) get a single shared account.

Interestingly enough my wife doesn't see the need for a root account on her computer but didn't mind me setting one up with a password that I know -- but she doesn't. Can't recall the number of times she's been "stuck" and I've had to rescue her with my password. Still she doesn't want to know it and is willing to wait on me getting home from work before getting "unstuck". Don't fear the machine! ;-)

User avatar
drl
Posts: 427
Joined: 2006-09-20 02:27
Location: Saint Paul, Minnesota, USA

Re: Two User Accounts Or One

#6 Post by drl »

Hi.

I usually do two things along this line. First I add one additional account to make sure my programs ("codes") do not rely on anything specific in my account.

During installation I add the smallest filesystem that I can make. I can then test my codes to make sure they operate sanely when they run into a partition full situation ... cheers, drl
["Sure, I can help you with that." -- USBank voice recognition system.
( Mn, 2.6.x, AMD-64 3000+, ASUS A8V Deluxe, 3 GB, SATA + IDE, NV34 )
Debian Wiki | Packages | Backports | Netinstall

Post Reply