Does anyone use Admin account for regular use?

Does anyone use Admin account for regular use?
Or is this not recommended?

Please advise
thanks

I use admin account for private use on my private nextclouds.

I think the settings are not really the risk because they differ from personal settings. I think the problem can be the user/admin password. Perhaps you can use 2FA for admin and only a password for the normal user.

1 Like

There is no need.

You can enable admin notifications for a different user or group. That should keep you receiving up-to-date info without needing to be logged in.

I just wondered because if it’s a security risk or something then I would prefer giving myself a user name and password, but if it’s no big deal then I see no reason to NOT use admin as a user.

I’ll wait to see if others chime in on it too though.
Thanks

OK so here is an example where I may have concern. Let’s say I start using Admin as my main user account.
I install bookmarks app, AND floccus and floccus requires user/pass of the nextcloud to sync bookmarks.

So in this case I was concerned about using my admin/pass for floccus.
I created a user specifically ONLY for this purpose.

Am I wrong to be concerned about this?
Thanks

It depends… If you have multiple users on your instance you are not only responsible for yourself. If someone is able to log into the admin account, this person can also reset the passwords of the other users, which gives this person access to basically all the data on the server. If you only use the cloud for yourself, it doesn’t make much of a difference.

I would generally recommend using strong passwords and 2FA for all accounts. And for 3rd party apps like browser extensions or Android apps that don’t support LoginFlow you shouldn’t use the regular password. It is better to generate a separate app password in the WebUI specifically for this app instead. If 2FA is enabled, this is the only way to log in for such an app anyways.

A separate account for Floccus is perhaps a bit overcautious. But as they say: “Better safe than sorry” :wink: But I would not take this as an excuse to not use 2FA on your regular account.

2 Likes

Actually it’s a great question.
A lot of users don’t take enough time to investigate their needs in terms of security, they stop when “it works”.

I wonder what kind of account you use on your main computer and perhaps other web services you are running. Do you use a regular (less privileged) user or an admin account?

My personal guideline: even for private services I use the least privileged account. Especially when the services are facing the internet. For testing stuff, it depends what and why I want to test.
But I think most important is separation of roles:
When I’m using my NC instance I use my regular user account, when administrating I use my admin account. One of the advantages of using an admin account only when administrating, is that you are extra cautious for making important changes when admin, and perhaps backing up your system before executing them. When using my regular account, I use it like a regular user and sometimes try to break stuff :wink:
The system on which you install NC has this separation of users and roles largely by default, take for instance the www-data account, it’s not a regular account, but a service account, only allowed and meant to run webservices. You don’t use it to log in (and you can’t by default).
You might think that using both admin and regular user account takes a lot of extra time, but I don’t think so, most of the time you are in user space, sometimes in admin space, and you get used to switching.

2 Likes

In theory this is a really good practice to separate user and admin accounts. In the real world (in Nextcloud as well), when the user has to go through a pretty complex procedure of logout/login as admin, it turns into the situation where only really restricted users like governments and insurances, who don’t care about work time, follow this guideline…

1 Like

Is sharing photos and files a security risk if you keep documents and passwords apps on the same user account as your photos etc.?
Just curious if there is a HUGE concern for this subject of sharing photos and/or files. I just want to ensure that those shares can’t leach over to other areas of the user’s Nextcloud where they could get access to passwords and other documents etc.?

I’m not familiar with this and wonder if there is a concern about this?