how do i enforce security for logins??

if i have a liveserver and would like have it accessed only by one
single user only remotely or locally then how should it be done?

should this user be 'root'

or any other user, who can login and then su as root.