Replies: 1 comment 2 replies
-
|
I would always recommend that for Linux in general, not just in Cockpit. It decreases the attack surface a lot to not run your entire desktop/SSH/Cockpit session as root, increases brute force effort (you need to guess user names correctly as well), provides better auditing who did what on a machine, and enables multiple admins without having to share admins. Some distros like Ubuntu have never enabled the root account by default even. |
Beta Was this translation helpful? Give feedback.
-
|
Yes, I totally agree with you! I made a mistake in my thinking: I didn't want to add sudo rights to the standard user because I also use this user to log in the system with SSH. I forgot that I also configured SSH with public authentication so I already have added an extra security (the public key). I will add sudo rights to the normal user and block the root access in Cockpit. Root access is enabled in Cockpit in case there is not (yet) a user with sudo rights (like in my case)? |
Beta Was this translation helpful? Give feedback.
-
|
"Cockpit" does not "enable" root access. Distribution installers or admins do -- this is a function of setting a root password or locking it. I.e. this is not Cockpit specific, whenever /etc/shadow enables the root account, you can log in through cockpit, a VT, GNOME/KDE, or Cockpit, and even SSH (although that has an additional option to forbid logging in as root). |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Hello Cockpit developers,
What is the best practice using Cockpit?
Lock the root account and give a normal user
sudorights?So don't use the root account at all?
Beta Was this translation helpful? Give feedback.
All reactions