This page on server hardening claims:
Disabling the root account is necessary for security reasons.
Why is disabling the root account necessary for security reasons?
This page on server hardening claims:
Disabling the root account is necessary for security reasons.
Why is disabling the root account necessary for security reasons?
If you're not using Root, you're using sudo! Sudo is a great way to become root only when you need to.
The site you link to is very poor at explaining what they are getting you to do. The root account is not being disabled, but rather, the password for root is disabled. That's what passwd -l
does.
The intent of those instructions is to make it so that people cannot log in as the root user, because the root account is easy to guess. I'm not sure that their approach of creating a pseudo-user with a "hard to guess name" will be that much more secure ...
It is an old Tradition from the days of the Mainframe. The idea is that root
can do what he wants with the machine, including replacing the kernel or destroying the UEFI variables, which can brick the machine. Whereas a non-root
account cannot -- unless that account is given administrative rights through sudo
, which is what you will have with Ubuntu, and it totally destroys the rationale above.
Really, disabling the root
account is now used exclusively to appease elder gods, who:
In practice, your digital life is completely accessible from your normal user account, so making any protection relative to the root
user does not make a lot of sense. Mucking with the root
/non-root
distinction is a thing of the past, when machines were big servers shared between hundreds of users who were possibly hostile to each other.
Please be aware that (at least on Ubuntu and its derivatives), there is a tradeoff involved with disabling the root password.
Should there be a disaster on your system, you will want to boot the system into recovery (or single-user) mode from the console. If the root password is disabled (as it is by default), then no authentication whatsoever can be required when booting into single-user mode, because the root account has no credential to be used for this purpose, and no other account can be guaranteed to work under those circumstances. This is handled by special-case code in the sulogin program.
On balance, though, this is an easy trade to make: you are preventing a whole class of remote attacks while opening up the system to unauthenticated root login from the physical console. Remember that you cannot ever secure a system from an attacker with physical access to it anyway. This is why secure data centers with electronic access controls exist.
Root is generally disabled to provide an extra layer of security throughout the Linux operating system. The root user has the ability to change literally anything no matter the importance. This makes it a common target of hackers, viruses, etc. Disabling it (or rather disabling the password) ensures that the account cannot be logged into if the password is retrieved (not actually that hard to do).
By default, the root account password is locked in Ubuntu.
Because If that user's account is compromised by an attacker, the attacker can also gain root privileges the next time the user does so. The user account is the weak link in this chain, and so must be protected with the same care as root.
The root account password does not need to be shared with everybody who needs to perform some type of administrative tasks on the system .
To disable your root account use the following command:
sudo passwd -dl root