It implies that the root account has overall control over all the commands and files on the system, along with their permissions. These permissions include reading, writing, deleting and creating.
Now, we are here to understand the process to disable a root account in Linux.
This article will tell you about several methods through which you can disable the root account in Linux.
- Hamper the SSH root login
- Alter the root user’s shell
- Disable the root login through usermod command
- Disable the root login through passwd command
Let us study them one by one!
Hamper the SSH root login
In Linux, you have the option to disable access of the root user through SSH servers. All you have to do is edit the /etc/ssh/sshd_config file.
The root login is disabled from here. You will not be able to log into the account with the help of a password; only keys are accepted. Edit the file and write no to disable root access for SSH users.
The command to open the file is written like this:
sudo nano /etc/ssh/sshd_config
Take a look at the below-presented snapshot for a better understanding.
The white line highlighted here is the statement where you have to add no.
Moving on to the next method!
The next segment shows how to alter the login shell to disable the root account.
Alter the root user’s shell
In this method, you can alter the default root shell by setting nologin in place of bash. By doing this, whenever someone tries to log in to the root account, the session exits automatically instead of opening a shell. It does not matter if the person enters the correct password.
Here are the steps to accomplish this task:
- Manually edit the /etc/passwd file
- To set the default shell you have to use the usermod command
To manually edit the file, use the below-given command:
sudo nano /etc/passwd
Here is the display:
Switch /bin/bash to /usr/sbin/nologin.
Next, you have to use the usermod command to disable the root login.
You have to use the usermod command along with the -s option. Follow the syntax:
sudo usermod -s /usr/sbin/nologin root
Take a look at the snapshot:
Now, if you are the root user and you try to login to your account, you will receive the message as shown below:
Hopping on to the next segment we have another method. We will now understand how to disable the root account via usermod command.
How to disable the root login by usermod command?
You can use the -L option as given below to lock the root account:
sudo usermod -L root
Disable the root access via PAM
PAM is a short form for Pluggable Authentication Modules. It is an extremely flexible way of authentication in Linux.
Via the /lib/security/pam_listfile.so module, you can limit the privileges of the account that you want.
The first step is to open and edit the file for the target service in the /etc/pam.d/ directory. We use the nano editor here for reference.
sudo nano /etc/pam.d/login
sudo nano /etc/pam.d/sshd
Now, add this configuration in these files as shown below:
auth required pam_listfile.so \
onerr=succeed item=user sense=deny file=/etc/ssh/deniedusers
The next step is to create the file /etc/ssh/deniedusers. Add the name root to it, then save the file and exit.
sudo nano /etc/ssh/deniedusers
Set the permissions as given below:
sudo chmod 600 /etc/ssh/deniedusers
This method is only available for the services that are PAM aware.
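To confirm that the methods above took effect, the following shell script (an added example, not part of the original article) reads the same files the article edits and reports the state of each control. The function names and the sample file tree are constructed for illustration; PermitRootLogin is the sshd_config keyword that takes the no value, and Match blocks and Include files are assumed absent.

```shell
#!/bin/sh
# Added example: report which root-disable methods are in effect in a file tree.
# On a live host run as root with an empty prefix: audit_root ""

# sshd uses the first PermitRootLogin it reads; keywords are case-insensitive.
# Assumption: Match blocks and Include files are not evaluated here.
sshd_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); f = 1; exit }
         END { if (!f) print "unset" }' "$1"
}

# Login shell of root: 7th field of /etc/passwd.
root_shell() { awk -F: '$1 == "root" { print $7 }' "$1"; }

# usermod -L puts "!" in front of the hash in /etc/shadow (password only).
root_pw_locked() {
    awk -F: '$1 == "root" && $2 ~ /^!/ { l = 1 } END { exit !l }' "$1"
}

# Print the file= path of a pam_listfile user deny rule, joining "\" lines.
pam_deny_file() {
    awk '{ while (sub(/\\$/, "")) if ((getline n) > 0) $0 = $0 " " n }
         /pam_listfile\.so/ && /item=user/ && /sense=deny/ {
             for (i = 1; i <= NF; i++) if ($i ~ /^file=/) print substr($i, 6)
         }' "$1"
}

# Succeeds only if the PAM service file denies root through that list.
pam_denies_root() {   # $1 = tree prefix, $2 = service name (login, sshd)
    f=$(pam_deny_file "$1/etc/pam.d/$2" | head -n 1)
    [ -n "$f" ] && grep -qx 'root' "$1$f"
}

audit_root() {   # $1 = tree prefix
    echo "ssh PermitRootLogin : $(sshd_root_login "$1/etc/ssh/sshd_config")"
    echo "root shell          : $(root_shell "$1/etc/passwd")"
    root_pw_locked "$1/etc/shadow" && echo "password : locked" || echo "password : usable"
    pam_denies_root "$1" sshd && echo "pam sshd : root denied" || echo "pam sshd : root allowed"
}
# Constructed sample tree mirroring the article's end state.
make_sample() {
    mkdir -p "$1/etc/ssh" "$1/etc/pam.d"
    printf '#PermitRootLogin prohibit-password\nPermitRootLogin no\n' > "$1/etc/ssh/sshd_config"
    printf 'root:x:0:0:root:/root:/usr/sbin/nologin\n' > "$1/etc/passwd"
    printf 'root:!$6$constructed$hash:19000:0:99999:7:::\n' > "$1/etc/shadow"
    printf 'auth required pam_listfile.so \\\nonerr=succeed item=user sense=deny file=/etc/ssh/deniedusers\n' > "$1/etc/pam.d/sshd"
    printf 'root\n' > "$1/etc/ssh/deniedusers"
}
t=$(mktemp -d) && make_sample "$t" && audit_root "$t"; rm -rf "$t"
```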
As you know, the root account has primary authority, and therefore, it holds great significance. So, if any instance occurs that calls to disable the root account, you can easily do that.
This article provided you with various ways to disable the root account in Linux. We expect these particulars to help you to perform your task in the smoothest way possible.