Replies: 1 comment 2 replies
-
|
I would always recommend that for Linux in general, not just in Cockpit. It decreases the attack surface a lot to not run your entire desktop/SSH/Cockpit session as root, increases brute force effort (you need to guess user names correctly as well), provides better auditing who did what on a machine, and enables multiple admins without having to share admins. Some distros like Ubuntu have never enabled the root account by default even. |
Beta Was this translation helpful? Give feedback.
-
|
Yes, I totally agree with you! I made a mistake in my thinking: I didn't want to add sudo rights to the standard user because I also use this user to log in the system with SSH. I forgot that I also configured SSH with public authentication so I already have added an extra security (the public key). I will add sudo rights to the normal user and block the root access in Cockpit. Root access is enabled in Cockpit in case there is not (yet) a user with sudo rights (like in my case)? |
Beta Was this translation helpful? Give feedback.
-
|
"Cockpit" does not "enable" root access. Distribution installers or admins do -- this is a function of setting a root password or locking it. I.e. this is not Cockpit specific, whenever /etc/shadow enables the root account, you can log in through cockpit, a VT, GNOME/KDE, or Cockpit, and even SSH (although that has an additional option to forbid logging in as root). |
Beta Was this translation helpful? Give feedback.
-
Hello Cockpit developers,
What is the best practice using Cockpit?
Lock the root account and give a normal user
sudorights?So don't use the root account at all?
Beta Was this translation helpful? Give feedback.
All reactions