Should I use a separate 'admin' user as my "root sudo" or grant sudo to my 'app' user?
Posted
by
AJB
on Ask Ubuntu
See other posts from Ask Ubuntu
or by AJB
Published on 2013-10-20T21:20:06Z
Indexed on
2013/10/20
22:11 UTC
Read the original article
Hit count: 234
I'm still wrapping my brain around the Ubuntu 'nullify root' user management philosophy (and Linux in general) and I'm wondering if I should 'replace' my root user with a user called 'admin' (which basically has all the powers of the root, when using sudo) and create another user called 'app' that will be the primary user for my app.
Here's the context:
- I'll be running a LNMP stack on Ubuntu 12.04 Server LTS.
- There will be only one app running on the server.
- The 'app' user needs to have SUPER privileges for MySQL.
- PHP will need to be able to exec() shell commands.
- The 'app' user will need to be able to transfer files via SFTP.
And I'm thinking this would be the best approach:
- nullify 'root' user
- create a user called 'admin' that will be a full sudoer of root, this will be the new "root" user of NGINX, PHP, and MySQL (and all system software)
- grant SUPER privileges to 'app' in MySQL
- Grant SFTP privileges to only the 'app' user.
As I'm new to this, and the information I've found in researching it tends to be of a more general nature, I'm wondering if this is a solid approach, or if it's unorthodox in a way that would cause issues down the road.
Thanks in advance for any help.
© Ask Ubuntu or respective owner