Hardening the Weakest Link: Why You Should Run Your Linux Workstation with a Non-Root User by Default

Introduction to Non-Root Users

I’ve seen many Linux workstations compromised due to reckless use of the root account. Running a Linux workstation with a non-root user by default is a simple yet effective way to harden your system against potential security threats. By not using the root account for daily activities, you significantly reduce the attack surface of your system. In practice, this means you’ll be less vulnerable to malware and other exploits that rely on elevated privileges.

Creating a Non-Root User

To create a new user, I usually start with the useradd command. For example, to create a new user named john, you would run:

sudo useradd -m -s /bin/bash john

This command creates a new user named john with a home directory and sets the default shell to /bin/bash. Don’t bother with the -m option if you don’t want a home directory created. You can then set a password for the new user using the passwd command:

sudo passwd john

Once the new user is created, you can switch to that user using the su command:

su - john

Alternatively, you can use the sudo command to run commands as the new user:

sudo -u john command

Replace command with the actual command you want to run.

Configuring Sudo

The real trick is configuring sudo to allow your non-root user to run commands with elevated privileges. You can do this by adding the user to the sudo group:

sudo usermod -aG sudo john

This command adds the john user to the sudo group, which allows them to run commands with elevated privileges using the sudo command. This is where people usually get burned - they forget to configure sudo properly, and their non-root user ends up being unable to perform essential tasks. You can also configure sudo to allow the user to run specific commands without a password. For example, to allow the john user to run the apt command without a password, you can add the following line to the /etc/sudoers file:

john ALL=(ALL) NOPASSWD: /usr/bin/apt

This line allows the john user to run the apt command without entering a password.

Best Practices

When running a Linux workstation with a non-root user, there are some best practices to keep in mind. First, make sure to use strong passwords for all users, including the root user. I recommend using a password manager like KeePass to generate and store strong passwords. In practice, this means you’ll have unique, complex passwords for each user, making it much harder for attackers to gain access. Second, keep your system up to date by regularly running the apt command to update packages. You can also use tools like Debian’s package tracker to stay informed about package updates.

Security Considerations

Running a Linux workstation with a non-root user by default has several security benefits. For one, it reduces the attack surface of your system by limiting the privileges of the user. This makes it more difficult for an attacker to gain elevated privileges and cause damage to your system. Additionally, using a non-root user makes it easier to audit system activity, as all commands run by the user are logged and can be reviewed. For more information on Linux security, you can visit the Linux Kernel documentation.

Troubleshooting

If you encounter issues while running a Linux workstation with a non-root user, there are several troubleshooting steps you can take. First, check the system logs to see if there are any error messages related to the issue. You can use the journalctl command to view system logs. Second, try running the command with elevated privileges using the sudo command to see if the issue is related to permissions. Finally, you can try switching to the root user to see if the issue persists.