Should I disable the root account on my Debian PC for security?

From a security standpoint should I disable the root account for my personal computer running Debian 9.1?

And if so: what would be the best way to do this?

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

There are different reasons to disable root account, for example:

  1. Your system is available on a network and you want to protect yourself against brute force attacks, so no one can guess your root account password.
  2. Developers wants to stop the users from running a command like su - to get a full root shell, because it’s now a lot easier to do something wrong which causes damage to the system. however they can still use something like sudo -i, sudo -s, sudo /bin/some-shell or even sudo su - if they are in sudoers file

    The idea is to force the user to use the sudo instead of sharing a single root password between all users and using the sudo comes with some advantages, for example:

    • It’s less likely for you to leave an open shell with complete root access, sudo permissions expires after a while.
    • You can define more flexible ruels using sudoers file
    • It logs who is doing what, etc.
    • Read here for more info.

To disable, you can remove the password of the account or lock it down, or even do both of them:

  1. Remove the root password:
    sudo passwd -d root
  2. Lock the account:
    sudo passwd -l root


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments