So I need a server that will host only 1 website. I will install Debian as the OS.
I want to know: do I need to set up a user to do my stuff or, considering I will be the only user of the server, can I use the root user to log in via ssh and do all my stuff?
Thanks for any suggestions, I am pretty new to this world.
Duncmc is exactly right. "It's good practice to disable root login via SSH. Set yourself up with a user account which you use to SSH in and then use sudo for any administration tasks."
I would go farther and say best practice.
Next, Apache should have its own user and group. In your httpd.conf there are several configuration options you should change.
ServerSignature Off
ServerTokens Prod
LimitRequestBody (1.5x the size of your biggest possible page)
Remove Aliases for icons, documents and error.
Here is a decent starting point. http://www.hermann-uwe.de/security/articles/securing-apache-checklist
You can do whatever you want as root, but apps such as Apache shall have their own account, because if someone gets in through it, they won't have root rights.
You are probably better off with "log in as a normal user, use su or sudo to gain root privileges" and "any external-facing service runs as its own user" (ssh will, by necessity, need to be running as root).
The main reason is that "log on as non-root, elevate privileges" allows you to block remote root login and log any escalation (ideally to a remote log server), and by running services segregated in "privilege space", the chances of one service causing an exploitable hole in another are minimized (and any penetration has a bigger chance of being contained).
It's good practice to disable root login via SSH. Set yourself up with a user account which you use to SSH in and then use sudo for any administration tasks.
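As an added example (not part of any post in this thread), here is a small shell check for the settings the answers name: root login disabled in sshd_config (the `PermitRootLogin` directive) and the three httpd.conf directives listed above. The function names and sample files are constructed for illustration, and the check reads one flat file only.

```shell
#!/bin/sh
# Added example, not from the thread. Flat-file check only: Include lines,
# sshd Match blocks and Apache <VirtualHost> sections are not followed.

# Value of a directive's first active line (sshd keeps the first value it reads).
first_value() { awk -v k="$1" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$2"; }

# Value of a directive's last active line (a later Apache directive overrides an earlier one).
last_value() { awk -v k="$1" 'tolower($1) == tolower(k) { v = tolower($2) } END { print v }' "$2"; }

# Returns 0 only when root login over SSH is explicitly disabled.
check_sshd() {
    v=$(first_value PermitRootLogin "$1")
    [ "$v" = "no" ] && return 0
    echo "sshd: PermitRootLogin is '${v:-unset}', expected 'no'"
    return 1
}

# Returns the number of Apache findings (0 = all three directives as advised).
check_apache() {
    n=0
    [ "$(last_value ServerSignature "$1")" = "off" ] || { echo "apache: ServerSignature is not Off"; n=$((n+1)); }
    [ "$(last_value ServerTokens "$1")" = "prod" ] || { echo "apache: ServerTokens is not Prod"; n=$((n+1)); }
    lim=$(last_value LimitRequestBody "$1")
    # 0 means unlimited; unset falls back to the version's built-in default.
    case "$lim" in
        ''|0|*[!0-9]*) echo "apache: LimitRequestBody is '${lim:-unset}', expected a byte limit"; n=$((n+1)) ;;
    esac
    return "$n"
}

# Constructed sample configs (not from a real host).
d=$(mktemp -d)
printf '#PermitRootLogin yes\nPermitRootLogin no\n' > "$d/sshd_config"
printf 'ServerSignature Off\nServerTokens OS\nLimitRequestBody 0\n' > "$d/httpd.conf"
check_sshd "$d/sshd_config" && echo "sshd: ok"
check_apache "$d/httpd.conf" || echo "apache: $? finding(s)"
rm -rf "$d"
```

On a live host, `sshd -T` (run as root) prints the effective sshd settings, including anything pulled in from included files.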