In Linux, the root user has access to everything and can do many things. It has access to each and every command of the Linux system and can delete, edit, update, execute, read, write to all the available files and folders. It has all the permission so it is the supreme account on Linux.
Such access might be troublesome in most cases. As some users might execute wrong commands at the wrong time which will directly affect the system.
In most cases, new users are created and given the limited privileges so the system will not be affected by troublesome commands. To perform the critical tasks. such users are given the privilege of root user by using sudo command.
Here at LinuxAPT, as part of our Server Management Services, we regularly help our Customers to perform related Linux system configuration queries.
In this context, we shall look into different ways to disable root account in your Ubuntu Linux system.
Let's create one user with the privilege of root user by providing sudo access. We can create such user by following the below command:
# adduser test
Now, add this user to the sudo group by following the below command so it can perform tasks with the root privilege:
# usermod -aG sudo test
Here, a means append and G means a group. We append the test user to the sudo group.
One of the methods to disable root account in linux is to change the shell of the root user. First, Open the /etc/passwd file and change the /bin/bash or /bin/sh to /sbin/nologin. You can run the below command to do so:
$ sudo vim /etc/passwd
Then, Change the root line and save it:
root:x:0:0:root:/root:/sbin/nologin
Now, the root user cannot login and certain messages will be displayed:
$ su -root
When you try to login to servers, you can easily login to it through SSH. But, if you want to disable root login to that server, you can simply edit the /etc/ssh/sshd_config file. You can edit with your favorable editor. Here, we are using nano:
$ sudo nano /etc/ssh/sshd_config
Then change the line:
permitRootLogin no
Here, you are changing it to "PermitRootLogin no" to disable root login to that specific server.
It is easy to disable root login by using the passwd command:
$ sudo passwd -l root
Here, after running the above command, we cannot login to the root user until the new password is set for the root user.
It is similar to the passwd command with little change. We can run the following command to disable root login:
$ sudo usermod -L root
After running the usermod command, we cannot login to the root user until the new password is set for the root user.
This article covers the different ways of disabling the root login in Linux. In fact, You should disable the root account and use sudo for administrative tasks because it's more secure than using su. This way, you only have to remember one password on your Linux system.