Security, how to set up the control panel domain - How do users work

Hestia is the best thing I've come across since I started using VPSs. It's saved me God knows how much time, everything just works with it.

One thing I don't understand though is how to set up the control panel domain properly. So I create a VPS, run the installer as root, then it sets up two users for me, admin, and another user. I set up the CP on hcp.mydomain.com. But when I try to set up a DNS record for hcp.mydomain.com so that I can set up SSL certificates, it says it strongly advises creating a standard user before creating DNS records. What if I create a DNS record anyway, what risks does that pose?

I set up a Cloudflare Zero Trust tunnel behind hcp.mydomain.com, so that it doesn't actually need a DNS record inside Hestia.

Another question is about other users. So the standard users that I create, can I use those as users to manage the VPS as a whole? I notice it won't let me add a user that already exists. So they are like system users?

If you are managing the DNS record for your domain on Cloudflare, you don’t need to add any record on Hestia to issue a certificate.

The admin user has more privileges than other users so the fewer things you add to this user, the better. Fewer opportunities for potential attackers to find vulnerabilities in some of the services used by the admin user.

Do you mean standard Hestia users or OS standard users? If you mean Hestia users, it's better not to use them to manage your server; they lack a lot of privileges, so they are very limited. Instead, use any other OS standard user.

Hestia users are not like system users, they ARE system users :wink: (understanding system users as OS users).