Initial Ubuntu Server Setup: Root Login and First User Safel

Initial Ubuntu Server Setup: Root Login and First User Safely

When you bring a fresh Ubuntu server online, the common mistake is this: you log in as root once… and then just keep using root forever.

That works—right up until one bad command wipes half your system.

This guide is for anyone who just got a new Ubuntu server (or Droplet, VPS, whatever) and wants a safer, saner starting point. We’ll walk through logging in as root, why that’s dangerous long-term, and how to create a regular user account you’ll use from now on.

I’ll keep it practical and short. We’re just setting the foundation.

1. Log In as Root (First and Only Time)

When a new server is created, most providers give you root access directly. That’s normal for day one.

You’ll need two things:
– Your server’s public IP address
– The root password or your root SSH key

On your local machine (Linux, macOS, or WSL/SSH client on Windows), run:

ssh root@SERVER_IP_ADDRESS

Replace SERVER_IP_ADDRESS with the real IP address.

You’ll probably see a message about host authenticity the first time:

  • Type yes and press Enter to continue.
  • Then enter your root password, or let your SSH key handle auth if you set one.

If this is truly the first login and you’re using a password, you’ll be forced to change the root password. Go ahead and do it—choose something strong, because for now root is your only door.

Why this matters:
– You must do the initial setup as root because it has full control.
– We’re going to use that power to create a safer user and then stop using root for daily stuff.

2. Understand Why Root Is Dangerous for Daily Use

Linux has one superuser: root. It can do anything. And I mean anything.

That includes:
– Installing and removing software
– Editing any file on the system
– Changing permissions and ownership
– Deleting important system files with zero questions asked

The problem isn’t that root exists—the problem is using it casually.

When you’re root, even a simple typo in a command can be destructive. There’s no seatbelt.

So the classic safe pattern is:
– Use root only for initial setup and rare admin tasks.
– Use a regular user account for everything else.

We’ll create that regular user next.

3. Create a New User for Daily Work

Stay logged in as root for now.

We’re going to add a new user account that you’ll use from this point on. The example uses the name demo, but swap that with a username you like.

Run:

adduser demo

You’ll be asked to:
– Enter a password for this new user
– Re-enter the password to confirm
– Optionally fill in user details (Full Name, Room Number, etc.)

Those extra details are optional. If you don’t care, just press Enter to skip each field.

At the end, the system will ask you to confirm the information:

  • Type Y (or just press Enter if it suggests yes) to accept.

What you’ve just done:
– Created a separate user with its own home directory and password.
– Set yourself up to stop living in the root account.

This is already a big safety improvement.

4. Test the New User Login (Before You Log Out of Root)

Common mistake: people create the new user, log out of root, then discover they can’t log back in properly.

Let’s avoid that.

While you’re still logged in as root, open a new terminal window or tab on your local machine and try logging in as the new user:

ssh demo@SERVER_IP_ADDRESS

Again, replace demo and the IP with your actual values.

Enter the password you just created for this user.

If you get in successfully, good—you now have:
– Root access (old window)
– Regular user access (new window)

This gives you a safe way to fix things if you misconfigure something under the new user later.

If you can’t log in as the new user:
– Double-check the username (typos happen).
– Make sure you’re using the new user’s password, not root’s.

Fix that now while you still have a working root session open.

5. Plan Your Next Steps Safely

At this point, using only what we covered:

You have:
– A working root login via SSH.
– A new, non-root user account with its own password.
– The ability to log in as that user with SSH.

You do not want to keep using root for:
– Editing website files
– Running random commands you find on the internet
– Uploading or managing WordPress/WooCommerce stuff

Instead, from now on:
– Log in as your regular user (like demo) for day-to-day work.
– Use extra privileges only when needed (using tools and methods you’ll set up later).

If you’re about to start building a WordPress site or hosting anything important, this basic separation between root and a regular user is your first safety layer.

6. Common Pitfalls and How to Avoid Them

Even with just this basic setup, there are a few things that commonly go wrong.

1. Staying logged in as root for everything

Symptom:
– You log in as root every time and never use the new user.

Why it’s a problem:
– Every command you run has the potential to break the system.

Fix:
– Make it a habit: always SSH in as your regular user (demo@SERVER_IP_ADDRESS).
– Keep root only for rare admin tasks.


2. Forgetting the new user’s password

Symptom:
– You created the user, logged out, and can’t remember the password.

Fix if you still have root access:
– Log in as root again and reset the password:

bash
passwd demo

  • Enter a new password when prompted.

3. Confusing root’s password and the user’s password

Symptom:
– You try to log in as demo but keep entering the root password.

Fix:
– Slow down; double-check:
root@SERVER_IP_ADDRESS uses root’s password.
demo@SERVER_IP_ADDRESS uses demo’s password.

If you’ve truly mixed them up, use root (if available) to reset the user password as above.

7. Safety First: General Habits for This Stage

Even with this simple baseline setup, a few habits will make your life a lot easier later:

  • Write down IP and users somewhere secure
    Keep track of:
  • Server IP address
  • Root username and password
  • Your new user’s username and password
  • Don’t experiment as root
    If you want to “try something” you found in a random blog or forum, test it as your regular user. Only escalate to root-level changes when you understand what the command does.
  • Use a staging or test server where possible
    If this box will host a live site later, keep big experiments away from it. Do them on a separate test server or locally first.

Those small precautions save you from those “why is everything broken” evenings. Been there.

8. Quick Recap

We did the bare essentials of an initial Ubuntu server setup:

  • Logged into the new server as root using SSH:
    bash
    ssh root@SERVER_IP_ADDRESS
  • Understood why root is too powerful (and too risky) for daily use.
  • Created a new user for normal work with:
    bash
    adduser demo
  • Confirmed we can log in as that new user via SSH.

From here, you’re ready to continue hardening the server and installing whatever stack you need—web server, database, PHP, WordPress, WooCommerce, whatever your project demands.

But foundation first. You’ve just put that in place.

If this saved you time, bookmark CrushEdge for more fixes.

No Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.