Managing Linux devices comes with inherent risks. By default, users are given complete control over a device, its directories, and even its root folders.
In this article:
Understanding the Standard User and Root User
Root and Standard roles were designed with an administrator and non-admin use case in mind. Important directories, for example, are out of scope for Standard Users. Root Users, meanwhile, have the same access as administrators.
Root User
- Access to all commands and directories
Standard User
- Cannot remove a device from the Esper tenant
- Cannot update the Esper Agent on a device
- Cannot perform operations on the /var/lib/esper/bin directory
- Must use sudo commands to install applications
- No access to the /root and /boot directories
We recommend testing these roles to understand access privileges on Linux devices.
Keep in mind that while Standard Users can run “sudo” during a Remote Terminal session, they will not be able to perform any Custom Actions that have sudo privileges. Standard Users may also be prompted to type in the device’s passwords during a terminal session when using sudo.
If a Standard User attempts to perform an Esper Agent update during a Terminal session, that session will end.
Creating Root and Standard Users
Create a root or standard user by clicking on your user profile. Then go to User Management and select Roles. Then click Custom Roles.
In Linux Device Management, select the scopes for Root or Standard users.
Only one user type has access to a scope at a time and user types cannot share scopes.
Learn more about Custom Roles.
Proper user management is essential for maintaining both device stability and security. By clearly defining Standard and Root roles, organizations can minimize risks while keeping devices functional and secure.