When you bring a fresh Ubuntu server online, the common mistake is this: you log in as root once… and then just keep using root forever.
That works—right up until one bad command wipes half your system.
This guide is for anyone who just got a new Ubuntu server (or Droplet, VPS, whatever) and wants a safer, saner starting point. We’ll walk through logging in as root, why that’s dangerous long-term, and how to create a regular user account you’ll use from now on.
I’ll keep it practical and short. We’re just setting the foundation.
1. Log In as Root (First and Only Time)
When a new server is created, most providers give you root access directly. That’s normal for day one.
You’ll need two things:
– Your server’s public IP address
– The root password or your root SSH key
On your local machine (Linux, macOS, or WSL/SSH client on Windows), run:
ssh root@SERVER_IP_ADDRESS
Replace SERVER_IP_ADDRESS with the real IP address.
You’ll probably see a message about host authenticity the first time:
- Type
yesand press Enter to continue. - Then enter your root password, or let your SSH key handle auth if you set one.
If this is truly the first login and you’re using a password, you’ll be forced to change the root password. Go ahead and do it—choose something strong, because for now root is your only door.
Why this matters:
– You must do the initial setup as root because it has full control.
– We’re going to use that power to create a safer user and then stop using root for daily stuff.
2. Understand Why Root Is Dangerous for Daily Use
Linux has one superuser: root. It can do anything. And I mean anything.
That includes:
– Installing and removing software
– Editing any file on the system
– Changing permissions and ownership
– Deleting important system files with zero questions asked
The problem isn’t that root exists—the problem is using it casually.
When you’re root, even a simple typo in a command can be destructive. There’s no seatbelt.
So the classic safe pattern is:
– Use root only for initial setup and rare admin tasks.
– Use a regular user account for everything else.
We’ll create that regular user next.
3. Create a New User for Daily Work
Stay logged in as root for now.
We’re going to add a new user account that you’ll use from this point on. The example uses the name demo, but swap that with a username you like.
Run:
adduser demo
You’ll be asked to:
– Enter a password for this new user
– Re-enter the password to confirm
– Optionally fill in user details (Full Name, Room Number, etc.)
Those extra details are optional. If you don’t care, just press Enter to skip each field.
At the end, the system will ask you to confirm the information:
- Type
Y(or just press Enter if it suggests yes) to accept.
What you’ve just done:
– Created a separate user with its own home directory and password.
– Set yourself up to stop living in the root account.
This is already a big safety improvement.
4. Test the New User Login (Before You Log Out of Root)
Common mistake: people create the new user, log out of root, then discover they can’t log back in properly.
Let’s avoid that.
While you’re still logged in as root, open a new terminal window or tab on your local machine and try logging in as the new user:
ssh demo@SERVER_IP_ADDRESS
Again, replace demo and the IP with your actual values.
Enter the password you just created for this user.
If you get in successfully, good—you now have:
– Root access (old window)
– Regular user access (new window)
This gives you a safe way to fix things if you misconfigure something under the new user later.
If you can’t log in as the new user:
– Double-check the username (typos happen).
– Make sure you’re using the new user’s password, not root’s.
Fix that now while you still have a working root session open.
5. Plan Your Next Steps Safely
At this point, using only what we covered:
You have:
– A working root login via SSH.
– A new, non-root user account with its own password.
– The ability to log in as that user with SSH.
You do not want to keep using root for:
– Editing website files
– Running random commands you find on the internet
– Uploading or managing WordPress/WooCommerce stuff
Instead, from now on:
– Log in as your regular user (like demo) for day-to-day work.
– Use extra privileges only when needed (using tools and methods you’ll set up later).
If you’re about to start building a WordPress site or hosting anything important, this basic separation between root and a regular user is your first safety layer.
6. Common Pitfalls and How to Avoid Them
Even with just this basic setup, there are a few things that commonly go wrong.
1. Staying logged in as root for everything
Symptom:
– You log in as root every time and never use the new user.
Why it’s a problem:
– Every command you run has the potential to break the system.
Fix:
– Make it a habit: always SSH in as your regular user (demo@SERVER_IP_ADDRESS).
– Keep root only for rare admin tasks.
2. Forgetting the new user’s password
Symptom:
– You created the user, logged out, and can’t remember the password.
Fix if you still have root access:
– Log in as root again and reset the password:
bash
passwd demo
- Enter a new password when prompted.
3. Confusing root’s password and the user’s password
Symptom:
– You try to log in as demo but keep entering the root password.
Fix:
– Slow down; double-check:
– root@SERVER_IP_ADDRESS uses root’s password.
– demo@SERVER_IP_ADDRESS uses demo’s password.
If you’ve truly mixed them up, use root (if available) to reset the user password as above.
7. Safety First: General Habits for This Stage
Even with this simple baseline setup, a few habits will make your life a lot easier later:
- Write down IP and users somewhere secure
Keep track of: - Server IP address
- Root username and password
- Your new user’s username and password
-
Don’t experiment as root
If you want to “try something” you found in a random blog or forum, test it as your regular user. Only escalate to root-level changes when you understand what the command does. -
Use a staging or test server where possible
If this box will host a live site later, keep big experiments away from it. Do them on a separate test server or locally first.
Those small precautions save you from those “why is everything broken” evenings. Been there.
8. Quick Recap
We did the bare essentials of an initial Ubuntu server setup:
- Logged into the new server as root using SSH:
bash
ssh root@SERVER_IP_ADDRESS - Understood why root is too powerful (and too risky) for daily use.
- Created a new user for normal work with:
bash
adduser demo - Confirmed we can log in as that new user via SSH.
From here, you’re ready to continue hardening the server and installing whatever stack you need—web server, database, PHP, WordPress, WooCommerce, whatever your project demands.
But foundation first. You’ve just put that in place.
If this saved you time, bookmark CrushEdge for more fixes.
No Comments