The YunoHost documentation says “YunoHost has this additional ‘admin’ user for several technical reasons.” ^1
Could anyone elaborate what specifically are the “technical reasons“ behind such design? I have limited experience with Linux sysadmin and webadmin, and one potential factor I can think of is security concerns (but how using a differently named privileged account is securer than using root I’m not sure).
Is there any additional reason? Any input will be appreciated!
Hmpf yeah it’s somewhat debatable. I can think of three~four reasons :
- Historically there was a need for user inside the LDAP database to act as the “super user”. But root was only used as the “super user” of the “regular Linux” user database, so a different name was needed, hence
- Some people tend to be super-paranoid about being logged as “root” and this is indeed a bad practice for some reason … which also depend on the context : for example, if you’re in a team of people at work and regularly doing sysadmin work on the same machine, it’s difficult to track who made what change.
- Related to previous fact, bots on the internet tend to brute-force SSH access for
root a 90% of the time, because it’s somewhat “common” that people having no clue about security will leave a stupidly easy password on root despite the fact that the server is exposed … So at least, using a less-common username prevents bots from easily bruteforcing their way in in the eventuality that you’re using a stupidly simple password (though Yunohost also now ships other countermeasure to prevent you from defining such a password)
root is a kinda obscure and ambiguous name ? (Sometime you want to refer to "the root of the filesystem, ie
/, which is a different thing).
admin is somewhat more noob-friendly to understand
With that said, the plan is actually to drop that
admin user. It’s too confusing for many reason.
One of those being that the very first user you create on Yunohost also has a special status because it gets the aliases for firstname.lastname@example.org and email@example.com, effectively receiving all the technical admin mails that may be send by the system.
Additionally, when installing apps you are sometimes invited to choose an “admin user” for this app, which ain’t going to be the LDAP “admin” user because it’s not a regular user …
Instead, there should be a special
admins group containing regular admin user, and all of those should be able to login to the webadmin. This should be less confusing
Wow thanks for the detailed answer! The LDAP factors are beyond my knowledge but did get that a lot of balances and compromises were involved in the decision making.