Server recommended vs. common practices
by upnort from LinuxQuestions.org on (#4QJY4)
I am seeking observations about common practices in the enterprise with respect to server root accounts versus traditional industry recommendations. The thread is about commonly observed practices, not recommended practices, and with respect to business networks rather than home or lab networks.
* Is logging into servers directly with the root account common?
* Is creating a server with only the root account common (no user accounts)?
* If creating user accounts is common, are the accounts single user accounts accessible by all users or accounts specific to each user needing access?
Both remote SSH access and local access are included in the questions.
Thanks for your time. :)
Background: At work I am gathering information for the owners about common industry configuration and security practices.
I'm not looking for judgments or criticism. Just what is commonly observed in the enterprise. I work for a really small (less than 10 employees) mom-and-pop and not in a large or mid-size business.
At work I inherited responsibility for several Linux servers. Several of these systems are public-facing. Nominal good news: all have remote SSH configured for keys only. Not good news: almost all of them only have a root account. Not good news: all servers use the same root password for local logins. Nominal good news: none of the systems have ever been knowingly compromised.
My understanding of the traditional recommendation is disable the root account but if impractical then create user accounts for each user who needs access and elevate privileges as needed from the user account. For auditing and control, creating a user account for each user needing access is preferred rather than a single account accessible to all.
As is often the case at many businesses, at stake here is a heavy focus on convenience versus basic security practices. Part of my notes is being able to present to the owners the perceived risks vs. perceived benefits.
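The post contrasts the inherited state of the servers (root-only, keys-only SSH, one shared root password) with the traditional recommendation (no direct root login, one account per admin, elevation via sudo). The script below is an added example, not part of the original post or any LinuxQuestions reply: it audits those settings from copies of sshd_config, passwd and group, and runs offline on constructed sample files that mirror both states. Assumptions: a plain sshd_config with no Match or Include blocks (sshd takes the first occurrence of a keyword), OpenSSH's modern defaults (PermitRootLogin prohibit-password, PasswordAuthentication yes) when a keyword is absent, and sudo or wheel as the admin group; the sample file contents are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): audit root-account practices on a
# Linux server against the recommendation of no direct root login, one account
# per admin and sudo for elevation. Point the functions at the real
# /etc/ssh/sshd_config, /etc/passwd and /etc/group on a server; the samples
# below are constructed to mirror the situation described in the post.

# Effective value of an sshd_config keyword: sshd uses the first occurrence.
# Assumption: a plain config without Match blocks or Include directives.
sshd_option() {  # $1=config file  $2=keyword  $3=default when the keyword is absent
    v=$(awk -v k="$2" '$1 !~ /^#/ && tolower($1)==tolower(k) {print $2; exit}' "$1")
    if [ -n "$v" ]; then printf '%s\n' "$v"; else printf '%s\n' "$3"; fi
}

# Every account with UID 0; anything besides root is a hidden root alias.
uid0_accounts() { awk -F: '$3==0 {print $1}' "$1"; }

# Human login accounts: UID >= 1000 with a real shell (not nologin/false).
login_accounts() { awk -F: '$3>=1000 && $7 !~ /(nologin|false)$/ {print $1}' "$1"; }

# Members of the sudo or wheel group, one per line (empty if none).
admin_members() {
    awk -F: '$1=="sudo" || $1=="wheel" {print $4}' "$1" | tr ',' '\n' | grep -v '^$' || true
}

# Print one FINDING line per problem and return the number of findings.
audit_root_practices() {  # $1=sshd_config  $2=passwd  $3=group
    n=0
    root_login=$(sshd_option "$1" PermitRootLogin prohibit-password)  # assumed OpenSSH >= 7.0 default
    pw_auth=$(sshd_option "$1" PasswordAuthentication yes)            # OpenSSH default
    [ "$root_login" = "no" ] || { echo "FINDING: PermitRootLogin is '$root_login' (direct root SSH login possible)"; n=$((n+1)); }
    [ "$pw_auth" = "no" ] || { echo "FINDING: PasswordAuthentication is '$pw_auth' (password guessing over SSH possible)"; n=$((n+1)); }
    for a in $(uid0_accounts "$2"); do
        [ "$a" = "root" ] || { echo "FINDING: extra UID-0 account '$a'"; n=$((n+1)); }
    done
    users=$(login_accounts "$2")
    if [ -z "$users" ]; then
        echo "FINDING: no user accounts; all work is done as root, so there is no per-person audit trail"
        n=$((n+1))
    fi
    for u in $users; do
        admin_members "$3" | grep -qx "$u" || echo "NOTE: $u has a login but no sudo/wheel membership"
    done
    return "$n"
}

# Count of FINDING lines for a given trio of files.
finding_count() { audit_root_practices "$@" | grep -c '^FINDING' || true; }

# Constructed sample files: ".weak" mirrors the inherited servers in the post
# (keys-only SSH, root may log in directly, no user accounts); ".fixed" mirrors
# the recommendation (root login off, per-admin accounts in the sudo group).
write_samples() {  # $1=directory
    printf 'PermitRootLogin yes\nPasswordAuthentication no\nPubkeyAuthentication yes\n' >"$1/sshd_config.weak"
    printf 'PermitRootLogin no\nPasswordAuthentication no\nPubkeyAuthentication yes\nAllowGroups sudo\n' >"$1/sshd_config.fixed"
    printf 'root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n' >"$1/passwd.weak"
    printf 'root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\nalice:x:1000:1000:Alice:/home/alice:/bin/bash\nbob:x:1001:1001:Bob:/home/bob:/bin/bash\n' >"$1/passwd.fixed"
    printf 'sudo:x:27:\n' >"$1/group.weak"
    printf 'sudo:x:27:alice,bob\n' >"$1/group.fixed"
}

# Stand-alone run on the constructed samples.
dir=$(mktemp -d)
write_samples "$dir"
echo "== as inherited =="
audit_root_practices "$dir/sshd_config.weak" "$dir/passwd.weak" "$dir/group.weak" || echo "findings: $?"
echo "== as recommended =="
audit_root_practices "$dir/sshd_config.fixed" "$dir/passwd.fixed" "$dir/group.fixed" || echo "findings: $?"
rm -rf "$dir"
```

On a real server run the three functions against the live files (for example `audit_root_practices /etc/ssh/sshd_config /etc/passwd /etc/group`); the inherited state in the post yields two findings (PermitRootLogin not set to no, and no user accounts), while the recommended state yields none. The shared root password for local logins is not visible in these files and has to be checked separately.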