Create a non-root admin user
Avoid operating as root, where possible
It is generally considered an administrative best practice to avoid logging in or operating with elevated privileges, to the extent reasonable. Therefore one needs a user that is not root for performing most operations, but which can gain elevated access when required. In addition, if one prevents root login over SSH, as recommended, one needs a user that one can SSH in as and that can gain temporary elevated privileges (assuming a remotely accessed system, of course).
Create a new user
adduser -g ",,," newadmin newadmin
Add doas or sudo
sudo is the traditional tool, doas comes from the *BSD world; both give elevated access. Discussing the relative merits is out of scope here, but we will use doas in our examples.
apk add doas
OR
apk add sudo
doas: allow your admin user to ‘become root’
Add your newadmin user as a doas user. Edit /etc/doas.d/doas.conf so that it contains:
permit newadmin
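The rule above names no target user and no command, so it lets newadmin run anything as any user. The following is an added example, not part of the original page or of doas: a small shell lint that makes that scope visible per rule, following the rule grammar in doas.conf(5); the function names and every sample rule except the first are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise what each doas "permit" rule actually grants.
# Rule grammar, per doas.conf(5):
#   permit|deny [options] identity [as target] [cmd command [args ...]]
# An omitted "as" means any target user; an omitted "cmd" means any command.

# Constructed sample rules (only the first line is the rule used on this page).
sample_conf() {
    cat <<'EOF'
permit newadmin
permit persist newadmin as root
permit nopass :wheel as root cmd /sbin/reboot
deny newadmin cmd /bin/su
permit setenv { PATH=/usr/sbin:/usr/bin } backup as root cmd /usr/bin/rsync
EOF
}

# Reads doas.conf text on stdin; prints one line per permit rule:
#   <identity> target=<user|ANY> cmd=<path|ANY> auth=<password|persist|nopass>
audit_doas_rules() {
    awk '
    # Comments, blank lines and deny rules grant nothing: skip them.
    $1 != "permit" { next }
    {
        auth = "password"; target = "ANY"; cmd = "ANY"
        i = 2
        # Options come before the identity; setenv carries a braced list.
        while (i <= NF) {
            opt = $i
            if (opt == "nopass" || opt == "persist") { auth = opt }
            else if (opt == "setenv") { while (i < NF && substr($i, length($i)) != "}") i++ }
            else if (opt != "keepenv" && opt != "nolog") { break }
            i++
        }
        id = $i
        for (i++; i <= NF; i++) {
            if ($i == "as") { target = $(++i) }
            else if ($i == "cmd") { cmd = $(i + 1); break }
        }
        printf "%s target=%s cmd=%s auth=%s\n", id, target, cmd, auth
    }'
}

# Keeps only rules that skip the password or leave both target and command open.
flag_broad() {
    audit_doas_rules | grep -E 'auth=nopass|target=ANY cmd=ANY'
}

sample_conf | audit_doas_rules
```

On the system itself, feed the functions the real file, for example with doas cat /etc/doas.d/doas.conf | flag_broad. Separately, doas -C /etc/doas.d/doas.conf checks that the file parses.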
Login as new user and test access
- In a new virtual terminal (e.g. via Ctrl-Alt-F2) log in at the login prompt as your newadmin user, or start a new SSH session as newadmin.
- Execute doas ls -al /root
- You should see the directory listing for /root, which is owned and readable only by the root user.
Don’t forget to commit your changes
Otherwise they will be lost on reboot.
doas lbu commit