en
  English
Phone :  +370 (5) 204-1903
Email: sales@1gbits.com
  1. Dedicated server
  2. Blog
  3. How to disable the root account in Linux

How to disable the root account in Linux

When we talk about the root account, it is simply the principal account of the Linux operating system. 

Linux Tutorial Jun 30, 21 by Nisal N 4 min Read
How to disable the root account in Linux

It implies that it has overall control over all the commands and files on the system along with the permissions. The permissions are inclusive of reading, writing, deleting or creating. 

Now, we are here to understand the process to disable a root account in Linux. 

This article will tell you about several methods through which you can disable the root account in Linux.

  • Hamper the SSH root login
  • Alter the root user’s shell
  • Disable the root login through usermod command
  • Disable the route login through passwd command

Let us study them one by one!

Hamper the SSH root login

In Linux, you have the option to disable access of the route user through SSH servers. All you have to do is edit this mentioned file:

etc/ssh/sshd_config

And the root login disables from here. You will not be able to log into the account with the help of a password. Only keys are accessible here. To edit the file right no to disable the route access for SSH users. 

The syntax for the same command is written like this: 

sudo nano /etc/ssh/sshd_config

Take a look at the below-presented snapshot for a better understanding. 

The white line highlighted here is the statement where you have to add no.

Moving on to the next method! 

The next segment shows how to alter the login shell to disable the route account.

Alter the root user’s shell

In this method, you can alter the default root shell by setting nologin in place of bash. By doing this, whenever someone else tries to log in to the root account, the account automatically exits the shell. Moreover, it does not matter if the person enters the correct password. 

Here are the steps to accomplish this task:

  • Manually edit the /etc/passwd file
  • To set the default shell you have to use the usermod command 

To manually edit the file, use the below-given command:

sudo nano /etc/passwd

Here is the display:

Switch /bin/bash to /usr/sbin/nologin.

Next, you have to use the usermod command to disable the root login.

You have to use the usermod command along with the -s option. Follow the syntax:

sudo usermod -s /usr/sbin/nologin root

Take a look at the snapshot:

Now, if you are the root user and you try to login to your account, you will receive the message as shown below:

Hopping on to the next segment we have another method. We will now understand how to disable the root account via usermod command.

How to disable the root login by usermod command?

You can use this -L command option as given below to lock the root account:

sudo usermod -L root

That’s it!

Disable the root access via PAM

PAM is a short form for Pluggable Authentication Modules. It is an extremely flexible way of authentication in Linux.

Via the /lib/security/pam_listfile.so module, you can limit the privileges of the account that you want.

The first step is to open the file and edit it for the target service in the /etc/pam.d/ directory. We will be using the nano command for your reference.

sudo nano /etc/pam.d/login

OR

sudo nano /etc/pam.d/sshd

Now, add this configuration in these files as shown below:

auth    required       pam_listfile.so \
        onerr=succeed  item=user  sense=deny  file=/etc/ssh/deniedusers

The next step is to create a file: /etc/ssh/deniedusers. Now, add the name root and save this file. Press exit. 

sudo nano /etc/ssh/deniedusers

Set the permissions as given below:

sudo chmod 600 /etc/ssh/deniedusers

This method is only available for the services that are PAM aware. 

Conclusion

As you know, the root account has primary authority, and therefore, it holds great significance. So, if any instance occurs that calls to disable the root account, you can easily do that.

This article provided you with various ways to disable the root account in Linux. We expect these particulars to help you to perform your task in the smoothest way possible. 

author img

Nisal N

Computers has always fascinated me since I was a kid and here we are. I love travelling for 2 reasons: the first one to see a new part of the world and second (the most important one) to experience the rich culture hidden among the country and people. I'm pretty good at cooking but very poor when it comes to baking.

Leave A Comment