Hello, i hosted domains in admin account. I have small vps, i have single domain and only i use it. It is convenient for me to run it on admin accound but i read best practise is to create user accound and host domains there but realy it is only for me for single domain and what can be worst happen in that case?
When you run it under a “User” HestiaCP adds a local Linux user to the box which does not have a shell on default.
It’s permissions is issued for /home/<your_hestia_user>. Even if it’s shell web shell is compromised.
So it’s contained.
I’d assume the recommendation is there because admin does have more privileges like restart services probably more so if your code was injected/hacked now the infected code has broader access on the box..
I don’t think it does anything in terms of resource utilization.. just separation, reducing your impact surface and maybe more..
USER : Typically cannot manage firewall rules (though they can manage rules on a per-domain basis if given access).
Cannot see, manage, or interact with other users.
Highly restricted, with actions typically jailed to their home directory.
No access to system-wide server settings.
In the past it was possible to run command as admin user as root via sudo
This issue has been solved by now.