The only thing that distinguishes my admin account from normal accounts is that my admin account is a member of the sudo
group and can run sudo
. Is it any less secure to use my admin account for daily work? If yes, why?
Assume that I am very careful where I enter my password and know what a command does before executing it, of course.
If I used a normal non-admin account for my daily account, when I needed to run something as root I would su
into my admin account (not into root, as that has no password and is disabled!) and there run the sudo
command in the admin shell; or, I would switch users graphically. Thus, the amount of commands that would be run is the same — using a normal account would just mean that I have to enter my admin password twice when running something as root.
So, should advanced users do everyday work on a normal account instead of an admin account? And why or why not?
Please note that by "admin account" I mean an account with privilege to use sudo
to run commands as root – not the root account itself. I never log in as root.
Best Answer
No risk while not root
From my understanding for an administrator, or
sudo
user it is working just like a normal desktop user as long as we don't saysudo
- so there should be no additional risk.Risk of accidentally becoming root
It is also true that a user having potentially admininistrator permissions needs to watch out at bit closer where, when, or whom they give away their password.
I can imagine (though I never met one) an evil application or a script asking you for your password without telling you what for. It likely will perform something with root permissions, as it would not need your password otherwise. If I don't know what this application does I would simply not give it my root password.
We are also responsible to dismiss root permission again after we are finished. It always is a bad idea to stay root while working with a graphical application such as e.g. Nautilus.
Risk of losing root access
Another "risk" may be that you do something bad with your account that prevents you from logging in. Therefore I always create at least two administrator users on any box I install Ubuntu to. This is for the case something breaks my main account.