LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian
User Name
Password
Debian This forum is for the discussion of Debian Linux.

Notices

Reply
 
Search this Thread
Old 02-25-2008, 08:41 AM   #1
frankzen
Member
 
Registered: Mar 2004
Location: Montreal
Distribution: Debian - Fedora -
Posts: 49

Rep: Reputation: 1
Question Getting rid of root user in Debian Sid


I have created a root user on my Sid installation which I would now like to get rid of. Is there an easy answer ?

Thanks
 
Old 02-25-2008, 09:13 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,300
Blog Entries: 54

Rep: Reputation: 2855Reputation: 2855Reputation: 2855Reputation: 2855Reputation: 2855Reputation: 2855Reputation: 2855Reputation: 2855Reputation: 2855Reputation: 2855Reputation: 2855
Quote:
Originally Posted by frankzen View Post
I have created a root user on my Sid installation which I would now like to get rid of. Is there an easy answer ?
Short answer: don't. ${answer:0:130}: While use and abuse both can lead to all sorts of problems the account named "root" is crucial for a working GNU/Linux installation.
 
Old 02-25-2008, 09:36 AM   #3
Dutch Master
Senior Member
 
Registered: Dec 2005
Posts: 1,675

Rep: Reputation: 122Reputation: 122
Agreed, unless your 'root' user has an UID > 1. Then you are really in trouble....
 
Old 02-25-2008, 12:12 PM   #4
frankzen
Member
 
Registered: Mar 2004
Location: Montreal
Distribution: Debian - Fedora -
Posts: 49

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by unSpawn View Post
Short answer: don't. ${answer:0:130}: While use and abuse both can lead to all sorts of problems the account named "root" is crucial for a working GNU/Linux installation.

I realize that. But with Debian and Ubuntu systems, root doesn't come with a password....so can't be used to login. However I provided root with a password....so it can be used as a login. I would like to remove that password.
 
Old 02-25-2008, 12:22 PM   #5
b0uncer
Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
That's not "removing" the root user, that's just locking the account up so that no users can log in, and is done by setting a "bad" value to the password field in the shadow file, namely one that contains exclamation mark (!). That's at least one way of doing it. But prior to going there, it might be a good idea to grant some sudo privileges for some admin user. Of course you can later use one of the various methods to bring the root account active again (single-user mode, live-cd, ...) but it's just less hazzle this way.

So head to the shadow file (/etc/shadow) and try putting an exclamation mark on the encrypted password field, if I'm not mistaken that should disallow the usual logins. It doesn't still remove the account, and you shouldn't try that because it just won't do any good.
 
Old 02-25-2008, 12:25 PM   #6
frankzen
Member
 
Registered: Mar 2004
Location: Montreal
Distribution: Debian - Fedora -
Posts: 49

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by b0uncer View Post
That's not "removing" the root user, that's just locking the account up so that no users can log in, and is done by setting a "bad" value to the password field in the shadow file, namely one that contains exclamation mark (!). That's at least one way of doing it. But prior to going there, it might be a good idea to grant some sudo privileges for some admin user. Of course you can later use one of the various methods to bring the root account active again (single-user mode, live-cd, ...) but it's just less hazzle this way.

So head to the shadow file (/etc/shadow) and try putting an exclamation mark on the encrypted password field, if I'm not mistaken that should disallow the usual logins. It doesn't still remove the account, and you shouldn't try that because it just won't do any good.

I'll try it. Thanks
 
Old 02-25-2008, 01:36 PM   #7
farslayer
Guru
 
Registered: Oct 2005
Location: Willoughby, Ohio
Distribution: linuxdebian
Posts: 7,228
Blog Entries: 5

Rep: Reputation: 189Reputation: 189
Quote:
Originally Posted by frankzen View Post
with Debian and Ubuntu systems, root doesn't come with a password....
In Debian you assign the root password during install.. It would not be without a password unless you configured it that way.

Ubuntu is slightly different than Debian in how it initially handles the root account.
 
Old 02-25-2008, 01:40 PM   #8
craigevil
Senior Member
 
Registered: Apr 2005
Location: OZ
Distribution: Debian Sid
Posts: 4,733
Blog Entries: 12

Rep: Reputation: 456Reputation: 456Reputation: 456Reputation: 456Reputation: 456
You could just install Bastille and not allow root logins. That way you have to login as a user then su to do anything as root.
 
Old 02-25-2008, 03:50 PM   #9
frankzen
Member
 
Registered: Mar 2004
Location: Montreal
Distribution: Debian - Fedora -
Posts: 49

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by farslayer View Post
In Debian you assign the root password during install.. It would not be without a password unless you configured it that way.

Ubuntu is slightly different than Debian in how it initially handles the root account.

I didn't assign a root password during installation but I did later.

Now I'd like to lockup the root account again.
 
Old 02-25-2008, 04:54 PM   #10
hungrigerhaifisch
Member
 
Registered: Aug 2005
Distribution: Arch Linux
Posts: 91

Rep: Reputation: 15
Lightbulb It can be done!

First, make sure that are able to be'super-user' by using sudo.
Run the 'visudo' command as root. It will show you the contents of /etc/sudoers where you should have a line like
Code:
# User privilege specification
root    ALL=(ALL) ALL
Now you would need to add
Code:
yourusername    ALL=(ALL) ALL
below that line, to add yourself to the 'super-user'-list.

Once you've done this, log out of the root account.
Now run
Code:
sudo passwd -l root
This will lock the root account.
To 'unlock' it again run
Code:
sudo passwd -u root
For more information about this, type
Code:
man passwd
The sudo command temporarily gives a user (in this case you) root-privileges. It will ask you for YOUR password.
Be warned though, If you are using Gnome (I expect it to be similar with Kde) you will still be prompted for you root password when trying to run a Program that requires 'super-user'(or root)-privileges.
For example, if you were to configure the login-manager (gdm) from within gnome, Debian uses the 'gksu'-command to authenticate you as being root.
You need to manually change this by editing (with gnome's menu editor) the command that is called when you click on the corresponding link under the 'System->Administartion'-Menu to use 'gksudo' instead of 'gksu'.
Code:
gksu /usr/sbin/gdmsetup
-->
gksudo /usr/sbin/gdmsetup
Gnome now no longer asks you about the root password, but you need to do this manually for every app that requires this. It can be done, its just tedious.(This obviously requires gksudo to be installed!!!)

I expect this to change in the near future though, as Debian now asks during installation if the root account should be disabled, its just taking them to adapt their programs (such as gnome) to behave accordingly.
 
Old 02-25-2008, 08:51 PM   #11
frankzen
Member
 
Registered: Mar 2004
Location: Montreal
Distribution: Debian - Fedora -
Posts: 49

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by hungrigerhaifisch View Post
First, make sure that are able to be'super-user' by using sudo.
Run the 'visudo' command as root. It will show you the contents of /etc/sudoers where you should have a line like
Code:
# User privilege specification
root    ALL=(ALL) ALL
Now you would need to add
Code:
yourusername    ALL=(ALL) ALL
below that line, to add yourself to the 'super-user'-list.

Once you've done this, log out of the root account.
Now run
Code:
sudo passwd -l root
This will lock the root account.
To 'unlock' it again run
Code:
sudo passwd -u root
For more information about this, type
Code:
man passwd
I expect this to change in the near future though, as Debian now asks during installation if the root account should be disabled, its just taking them to adapt their programs (such as gnome) to behave accordingly.


Sorry about over-quoting but this is exactly what I was looking for.

Thanks a lot
 
Old 02-27-2008, 08:26 PM   #12
hungrigerhaifisch
Member
 
Registered: Aug 2005
Distribution: Arch Linux
Posts: 91

Rep: Reputation: 15
No problem.

I would like to add though, for anyone else who may read this, the last part of what I had to say,(the bit about changing links in Gnome) is/will become obsolete.
I checked out Foresight-Linux http://www.foresightlinux.com/
and found that it/Gnome (not sure there) features a small app with which the user can switch the authentication-mechanism used (ie. between su and sudo), thus making manual relinking obsolete (I hope).
 
  


Reply

Tags
root, sudo


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
will the ltmodem drivers work in debian sid (knoppix sid) maximalred Debian 5 05-29-2009 10:44 AM
Debian Etch to Sid? How Stable is Sid? xxAlk3XKidXx Debian 28 02-25-2007 06:32 PM
How to login to debian with root user? solutionseeker Linux - Newbie 2 01-29-2005 09:39 AM
What our the differences between debian (Sid) and knoppix 3.4 (Sid)? maximalred Debian 6 06-06-2004 08:39 PM


All times are GMT -5. The time now is 11:23 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration