Disable Root Login

Warning: !! PROCEED AT YOUR OWN RISK !!

This section covers things that are high risk because there is a possibility they can make your system unusable, or are considered unnecessary by many because the risks outweigh any rewards.

Why disable root login?

If you have sudo configured properly, then the root account will almost never need to log in directly, either at the terminal or remotely.

Be warned, this can cause issues with some configurations!

If your installation uses sulogin (like Debian) to drop to a root console during boot failures, then locking the root account will prevent sulogin from opening the root shell and you will get this error:

     Cannot open access to console, the root account is locked.
     See sulogin(8) man page for more details.

     Press Enter to continue.

To work around this, you can use the --force option for sulogin. Some distributions already include this, or some other, workaround.

An alternative to locking the root account is to set a long, complicated root password and store it in a secured, non-digital format. That way you have it if and when you need it.

Goals

  • locked root account that nobody can use to log in as root

Notes

  • Some distributions disable root login by default (e.g. Ubuntu) so you may not need to do this step. Check with your distribution’s documentation.

Steps - Disable root login

  1. Lock the root account:

     sudo passwd -l root
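
To confirm the lock took effect, the following added example (not part of the original guide) classifies an account's password field in shadow(5) format. The function name `shadow_state` and the sample entries are assumptions made for illustration; the hashes are constructed placeholders.

```shell
#!/bin/sh
# Added example: report the state of a user's password field in a
# shadow(5)-format file. `passwd -l` locks an account by prefixing the
# stored hash with "!", so a field starting with "!" (or "*") can never
# match a typed password.
#
# Usage: shadow_state FILE USER  -> prints locked | empty | set | missing
shadow_state() {
    awk -F: -v u="$2" '
        $1 == u {
            found = 1
            if ($2 == "")           print "empty"    # no password required
            else if ($2 ~ /^[!*]/)  print "locked"   # password login impossible
            else                    print "set"      # usable password hash
            exit
        }
        END { if (!found) print "missing" }          # no such account in FILE
    ' "$1"
}

# Constructed sample entries (placeholder hashes, not real ones).
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
guest::19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
EOF

for u in root alice guest daemon nobody; do
    printf '%s: %s\n' "$u" "$(shadow_state "$sample" "$u")"
done
rm -f "$sample"

# On a live system, `sudo passwd -S root` reports the same state directly:
# the second field is L (locked), NP (no password) or P (usable password).
```

A locked password field only blocks password authentication; as passwd(1) notes, other authentication methods such as SSH keys are unaffected.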
    
