Key Takeaways
- Full root access on an unmanaged dedicated server gives you total control over your environment.
- This guide covers everything you can — and should — do with it.
Full root access on an unmanaged dedicated server means you are the superuser of your entire physical machine. No restrictions, no sandboxing, no permission gates — but also no safety net if you make a mistake.
What Full Root Access Gives You
- Install and remove any software package
- Modify kernel parameters (
/etc/sysctl.conf) - Configure network interfaces, routing tables, and firewall rules
- Mount and partition storage drives
- Create, modify, and delete any file on the system
- Run containerization (Docker, LXC) and virtualization (KVM, VMware)
- Deploy custom kernels and kernel modules
First Things to Do After Getting Root Access
Step 1: Secure SSH Immediately
# Create a non-root user
adduser deploy
usermod -aG sudo deploy
# Generate SSH key pair on your local machine
ssh-keygen -t ed25519 -C "your@email.com"
# Copy public key to server
ssh-copy-id deploy@your-server-ip
# Edit SSH config
nano /etc/ssh/sshd_config
# Set: PermitRootLogin no
# Set: PasswordAuthentication no
# Set: Port 2222
systemctl restart sshdStep 2: Update All Packages
# Debian/Ubuntu
apt update && apt upgrade -y && apt autoremove -y
# CentOS/Rocky/AlmaLinux
dnf update -y && dnf autoremove -yStep 3: Configure UFW Firewall
ufw default deny incoming
ufw default allow outgoing
ufw allow 2222/tcp # Your SSH port
ufw allow 80/tcp # HTTP
ufw allow 443/tcp # HTTPS
ufw allow 25/tcp # SMTP (if email server)
ufw enableStep 4: Set Up Fail2Ban
apt install fail2ban -y
systemctl enable fail2ban --nowAdvanced Root-Level Customizations
Kernel Tuning for High-Performance Applications
# /etc/sysctl.conf — add these for network-intensive workloads
net.core.rmem_max = 134217728
net.core.wmem_max = 134217728
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.core.somaxconn = 65535
net.ipv4.tcp_max_syn_backlog = 65535
sysctl -pCustom DNS Resolver
For SMTP servers and high-throughput DNS applications, replace the default resolver with Unbound:
apt install unbound -y
systemctl enable unbound --nowWhat Root Access Does NOT Give You
- Permission to use the server for illegal activities (DDoS, spam, abuse)
- Access to the hypervisor layer if hosted on shared hardware
- Ability to change physical hardware configuration
- Protection from your own mistakes — always backup before major changes
Root access is not a feature — it is a responsibility. Every configuration decision at the root level directly impacts the security and availability of every application on the server.
WebsNP provides full SSH root access on all dedicated servers from day one. Order your dedicated server today.