hello there,

I am using a server with fc5 installed and wish to disable login in via Root. I still need permissions to do adminstrative tasks remotely so need to create a new user which has root permissions.

I cannot find any info in the fedora forum to do this and am not sure instructions for other distributions will apply to FC5.

So anyone has any guidelines on this?

Oh yes and I use telnet to login not SSH.
cheers!

First of all, you cannot create more than one root user. The closest you can get, probably, is to let one user use sudo to accomplish the tasks which need superuser privileges. In this matter it's wise to only grant superuser privileges to the commands you'll be needing -- not to everything. What use would it be if you disabled your root account and then created another one? The point in disabling the root account is that all the other accounts are non-privileged to do most of the things root can do. Then, with sudo, certain users can be given the chance to, by giving their password when starting sudo, run some things as root (but not everything, since that would compromise the whole idea).

List the things you need to do, grant some user sudo rights for them, disable root account and keep a hard eye on your logs. And do NOT let anyone use sudo without passwords. More importantly, don't let anybody use sudo if it's really not needed. The less root privileges, the less trouble.

Hi Bouncer,

The main reason is to block bruteforce attacks using root as the username. I'd want to keep a difficult username and an difficult password and yes I would keep an eye on all root logins. However, we have a company firewall which only allows SSH/Telnet connections internally so chance to anyone getting through is less, this is just an extra security measure.

cheers!

If you are using telnet then the extra security measure will not help since passwords are sent as clear text. You should disable telnet and root logins for ssh. Login with regular user then su for admin tasks.