To protect your server from unauthorized access, commands that alter system state, such as setting the date, cannot be executed unless you are the root user. When logged in as root you have unlimited, system-wide access to every aspect of the operating system.

You should be very careful while logged in as root, since a simple mistake such as inadvertently deleting a system file can be very costly. Some mistakes can render your server completely dysfunctional or, worse, prevent you from logging back in once you log out of the current root session.

For this reason, it is good practice to create a non-root user account for the general administration of your server and to log in as root only when absolutely needed. If you need root authority, temporarily switch to root (via su, or via sudo, which additionally logs who ran which command), perform the desired functions quickly and then drop back to your own account. Mistakes made as a non-root user are limited to the files that user can write to; the system files remain protected.

On your dedicated server, the most important and visible component of the website is the web server (apache). It is a good idea to run the web server and all of its supporting components as a dedicated non-root user. Apache supports this directly: its parent process starts as root only so that it can bind port 80, and then spawns its worker processes as the account named by the User and Group directives in httpd.conf.

In the event of a server break-in or security breach, the intruder's access is then limited to the files and directories that this non-root user can read or write, which can be quickly restored from a clean copy. The intruder does not have root access and therefore cannot view or modify system configuration or files owned by other users. This containment holds only as long as there is no local privilege escalation path, so the kernel and set-uid binaries must be kept patched; and site content should be owned by an administrative account rather than by the web user, so that a compromised web server cannot rewrite its own pages.
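The following script is an added example and not part of the original page. It checks that a running Apache is laid out the way the text recommends (a single root parent, every worker under the web account) and lists files under the DocumentRoot that the web account could alter. The account name apache, the DocumentRoot /var/www and the sample ps output are assumptions; Debian systems use www-data and the process name apache2.

```shell
#!/bin/sh
# Added example, not from the original page: two checks for a web server that
# is meant to run as a dedicated non-root account. The account name "apache",
# the sample ps output and the DocumentRoot /var/www are assumptions; adjust
# them to your system (Debian uses www-data and the apache2 process name).

# check_httpd_workers EXPECTED_USER
# Reads "USER COMMAND" lines (the format of: ps -eo user,comm --no-headers,
# GNU procps) from stdin. Apache starts one parent as root so it can bind
# port 80 and then forks workers as the User/Group account from httpd.conf.
# Returns 0 when there is exactly one root process, at least one worker,
# and every worker runs as EXPECTED_USER; 1 otherwise.
check_httpd_workers() {
    awk -v want="$1" '
        $2 != "httpd" && $2 != "apache2" { next }
        $1 == "root" { root++; next }
        $1 == want   { ok++; next }
        { bad++; printf "unexpected owner %s for %s\n", $1, $2 > "/dev/stderr" }
        END {
            if (root == 1 && ok > 0 && bad == 0) exit 0
            printf "root=%d workers=%d other=%d\n", root, ok, bad > "/dev/stderr"
            exit 1
        }'
}

# find_web_writable DOCROOT WEBUSER
# Lists files under DOCROOT that a compromised web server could modify:
# anything owned by WEBUSER or writable by everyone. Site content should be
# owned by an administrative account and only readable by the web user, so
# an empty result is what you want.
find_web_writable() {
    docroot="$1"; webuser="$2"
    if id "$webuser" >/dev/null 2>&1; then
        find "$docroot" -type f \( -user "$webuser" -o -perm -0002 \) -print
    else
        # The account does not exist on this host (e.g. when run on a
        # workstation); only the world-writable test can be applied.
        find "$docroot" -type f -perm -0002 -print
    fi
}

# Constructed sample of ps output on a healthy server: one root parent and
# three workers owned by the web user.
SAMPLE_PS='root httpd
apache httpd
apache httpd
apache httpd'

if [ "${1:-}" = "--live" ]; then
    # Inspect the real process table and DocumentRoot (Linux, procps).
    ps -eo user,comm --no-headers | check_httpd_workers apache && echo "httpd workers OK"
    find_web_writable /var/www apache
else
    printf '%s\n' "$SAMPLE_PS" | check_httpd_workers apache && echo "sample: httpd workers OK"
fi
```

Run it with --live on the server itself; any path printed by the second check is a file the web account could overwrite after a break-in and should be chowned to the administrative account and made read-only for everyone else.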

The root password must be carefully guarded, and any program or script that stores or handles it (backup jobs, cron scripts, deployment tools) must be protected with restrictive permissions as well. Change the original root password supplied to you the very first time you connect to your server. You may also want to delete any initial non-root accounts supplied by your hosting provider.

In unavoidable cases when you must reveal your current root password to your hosting provider to perform server maintenance, it is good practice to change the root password immediately after the maintenance is done, so that the credential you handed out stops working. Note that a password alone does not protect the server from anyone with physical access to it: such a person can boot from rescue media or into single-user mode and read or alter the disks regardless of the root password. That risk is addressed by the provider's physical security (and, where offered, disk encryption), not by password hygiene.

The following two shell commands create a new non-root user named 'blee' and set its password. The new password must be typed twice so that a typo is caught. A strong password is long (the seven or eight characters traditionally recommended is a bare minimum; twelve or more is a better target), mixes letter cases, digits and punctuation, and is not a dictionary word or a simple variation of one or of the user name. Avoiding repeated characters does little by itself; length and unpredictability are what matter. Pick something you can remember but others cannot guess.

The commands adduser and passwd are used as follows to create a user and set its password. On Red Hat-derived systems adduser is a symlink to useradd; on Debian-derived systems it is an interactive wrapper that prompts for the password itself, so the separate passwd step is unnecessary there.

[root@ ~]# adduser blee
[root@ ~]# passwd blee
Changing password for user blee.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@ ~]#

If the user name is already defined, requesting the same name again yields the following error. An existing user can be removed with userdel; note that userdel on its own leaves the user's home directory and mail spool in place, while userdel -r removes them as well.

[root@ ~]# adduser blee
adduser: user blee exists
[root@ ~]# userdel blee
[root@ ~]#

The following user names should be avoided because they belong to system accounts that already exist on most Linux installations (check with getent passwd) or to top-level file system directories: root, bin, sbin, var, tmp, usr, daemon, adm, lp, sync, shutdown, halt, mail, news, uucp, operator, games, nobody, ftp, and similar. Reusing them for a login is confusing at best, and because they are the first names an attacker tries, an account carrying one of them draws constant password-guessing attempts.
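The following script is an added example, not code from the original page. It wraps the adduser/passwd procedure above in the checks a careful administrator applies first: it refuses the reserved names listed above and any name that already exists (pointing at userdel -r for cleanup), turns the password guidance into a concrete policy, insists the password be typed twice as passwd does, and only then creates the account as root. The account name blee, the sample passwords and the 12-character minimum are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: create an administrative
# non-root account as the text describes, but refuse the reserved names it
# lists and reject weak passwords before anything is changed. "blee" and
# the policy values are assumptions; nothing is modified unless run as
# root with --create.

# Names from the text: accounts that already exist on most Linux systems
# and top-level directory names. Never reuse them for a login.
RESERVED="root bin sbin var tmp usr daemon adm lp sync shutdown halt mail news uucp operator games nobody ftp"

# check_username NAME
# Returns 0 if NAME is not reserved, is a portable login name (lowercase
# letters, digits, _ and -) and does not already exist in the account database.
check_username() {
    name="$1"
    for r in $RESERVED; do
        if [ "$name" = "$r" ]; then
            echo "refused: '$name' is a reserved system name" >&2; return 1
        fi
    done
    case "$name" in
        [a-z_]|[a-z_][a-z0-9_-]*) ;;
        *) echo "refused: '$name' is not a valid login name" >&2; return 1 ;;
    esac
    if getent passwd "$name" >/dev/null 2>&1; then
        echo "refused: '$name' exists; remove it first with: userdel -r $name" >&2
        return 1
    fi
    return 0
}

# check_password PASSWORD NAME
# Policy: at least 12 characters, at least three of the four character
# classes, no occurrence of the user name or a well-known password
# fragment, and not a word from the system dictionary when one is installed.
check_password() {
    pw="$1"; name="$2"
    if [ ${#pw} -lt 12 ]; then
        echo "refused: password shorter than 12 characters" >&2; return 1
    fi
    classes=0
    case "$pw" in *[a-z]*) classes=$((classes + 1)) ;; esac
    case "$pw" in *[A-Z]*) classes=$((classes + 1)) ;; esac
    case "$pw" in *[0-9]*) classes=$((classes + 1)) ;; esac
    case "$pw" in *[!a-zA-Z0-9]*) classes=$((classes + 1)) ;; esac
    if [ "$classes" -lt 3 ]; then
        echo "refused: use at least three of lower, upper, digit, punctuation" >&2; return 1
    fi
    lower=$(printf '%s' "$pw" | tr 'A-Z' 'a-z')
    if [ -n "$name" ]; then
        case "$lower" in *"$name"*)
            echo "refused: password contains the user name" >&2; return 1 ;;
        esac
    fi
    case "$lower" in *password*|*qwerty*|*123456*|*letmein*)
        echo "refused: password contains a common fragment" >&2; return 1 ;;
    esac
    if [ -r /usr/share/dict/words ] && grep -qixF -- "$lower" /usr/share/dict/words; then
        echo "refused: password is a dictionary word" >&2; return 1
    fi
    return 0
}

# read_password_twice
# Prompts on the terminal with echo off and, like passwd, insists the
# password be typed twice identically. Prints the password on stdout.
read_password_twice() {
    stty -echo 2>/dev/null
    printf 'New password: ' >&2; IFS= read -r p1; echo >&2
    printf 'Retype new password: ' >&2; IFS= read -r p2; echo >&2
    stty echo 2>/dev/null
    if [ "$p1" != "$p2" ]; then
        echo "refused: passwords do not match" >&2; return 1
    fi
    printf '%s' "$p1"
}

# create_user NAME
# Runs the checks, then creates the account with a home directory and sets
# the password through chpasswd (shadow-utils, on Red Hat and Debian alike).
create_user() {
    name="$1"
    check_username "$name" || return 1
    if [ "$(id -u)" -ne 0 ]; then
        echo "must be root to create accounts" >&2; return 1
    fi
    pw=$(read_password_twice) || return 1
    check_password "$pw" "$name" || return 1
    useradd -m "$name" || return 1
    printf '%s:%s\n' "$name" "$pw" | chpasswd
}

# Usage (as root): sh create_admin.sh --create blee
if [ "${1:-}" = "--create" ]; then
    create_user "${2:-}"
fi
```

The password is read from the terminal rather than passed on the command line, where it would be visible in the process list and in the shell history; the checks run before useradd so a rejected request leaves no half-created account behind.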