Slackware This Forum is for the discussion of Slackware Linux.
|
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
|
06-04-2006, 10:07 AM
|
#1
|
Member
Registered: May 2006
Distribution: Slackware, DragonFly
Posts: 233
Rep:
|
disabling the root account
How can I disable the root account?
|
|
|
06-04-2006, 10:22 AM
|
#2
|
Member
Registered: Oct 2004
Location: Norway
Distribution: Slackware, CentOS
Posts: 641
Rep:
|
Hi shifter,
Why would you want to disable the root account? ie - what are you seeking to accomplish by doing so?
In UNIX/Linux you need the root account to perform various system-related tasks, such as software upgrade, kernel maintenance and user account creation.
While it's a very good idea never to run normal programs as root, and to be very careful with when you use it, I recommend that you chose a very hard-to-guess password for root, disable root login over SSH and other media, and keep your normal user for everyday use. Then, when Slackware 11.0 is released one of these days/weeks/months, you can login as root, perform the system upgrade to the latest and greatest, and afterwards resume your day-to-day tasks as your normal user login..
-Y1
|
|
|
06-04-2006, 11:09 AM
|
#3
|
Member
Registered: Jun 2006
Posts: 111
Rep:
|
I would consider this a lot before trying it. This is all at your own risk and may or may not work. Hmmm....
You could edit the password file and remove or significantly change the section that stores the password hash.
Seen this done before on redhat I think - edit /etc/passwd file change /bin/bash to /sbin/nologin or I guess you might could change it even to /dev/null???
Something else I have seen done is a empty /etc/securetty file prevents root login
Just some ideas...at your own risk!
|
|
|
06-04-2006, 11:18 AM
|
#4
|
Member
Registered: Jan 2005
Location: The grassy knoll
Distribution: Slackware,Debian
Posts: 192
Rep:
|
Normally, I avoid 'me too' style posts but I'll just say me too with Yalla-One.
Don't do it, stop thinking about it.
|
|
|
06-04-2006, 01:52 PM
|
#5
|
Member
Registered: Jun 2006
Posts: 111
Rep:
|
me too cause I gotta
|
|
|
06-04-2006, 02:19 PM
|
#6
|
Member
Registered: Aug 2005
Location: Guadalajara, Jal, Mexico
Distribution: Slackware Linux
Posts: 211
Rep:
|
I don't know if it works with the root account, but you could use I know it works with other accounts, but havent tried disabling the root account... Go ahead if that's what you want (make sure to read "man passwd" before!)
|
|
|
06-04-2006, 02:46 PM
|
#7
|
Member
Registered: Mar 2006
Distribution: Slackware64 -current
Posts: 268
Rep:
|
Quote:
Originally Posted by DeanLinkous
Something else I have seen done is a empty /etc/securetty file prevents root login
|
I think you're right on target. He probably just wants to disable logins. I'm not a sysadmin, but I can see how that might make sense. sudo logs to /var/log/messages, so you could monitor usage.
I found some docs here... http://www.redhat.com/docs/manuals/l...rivileges.html
Some of it is RedHat specific, but there are some good ideas.
|
|
|
06-04-2006, 05:10 PM
|
#8
|
Member
Registered: May 2006
Distribution: Slackware, DragonFly
Posts: 233
Original Poster
Rep:
|
Yalla-One writes:
Why would you want to disable the root account? ie - what are you seeking to accomplish by doing so
I want to enable the root privilegies for my usual user and to disable the root account, or to reduce the root to a common system's user.
Is it a way to increase the system security..., I want to change the root directory.
|
|
|
06-04-2006, 05:33 PM
|
#9
|
Senior Member
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,141
Rep:
|
I'm not sure that will increase security. By giving a normal account root's privileges and using that normal account for day to day activities, you're increasing your risk - not decreasing it.
Generally it's better to have a strong password for both accounts (root's and your normal account) and to use su or sudo to perform privileged activities.
|
|
|
06-04-2006, 05:46 PM
|
#10
|
Member
Registered: Jan 2005
Location: The grassy knoll
Distribution: Slackware,Debian
Posts: 192
Rep:
|
Quote:
Originally Posted by shifter
Yalla-One writes:
Why would you want to disable the root account? ie - what are you seeking to accomplish by doing so
I want to enable the root privilegies for my usual user and to disable the root account, or to reduce the root to a common system's user.
Is it a way to increase the system security..., I want to change the root directory.
|
Don't do it. You're gonna end up hosing your system. Use sudo to give access to all the system commands.
sudo man page
sudoers config file
|
|
|
06-04-2006, 06:27 PM
|
#11
|
Member
Registered: Mar 2006
Distribution: Slackware64 -current
Posts: 268
Rep:
|
Shifter, I think you're getting some good advice. What you're trying to do is basically the same as running everything as root. Not a great idea.
|
|
|
06-04-2006, 06:43 PM
|
#12
|
Moderator
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
|
Quote:
Originally Posted by jimX86
Shifter, I think you're getting some good advice. What you're trying to do is basically the same as running everything as root. Not a great idea.
|
And you're being very friendly.
That's the single most stupid thing a linux user can do.
Just imagine the havoc one could cause by sitting in
Konqueror (nauseous, take your pick) and "accidentally"
moving /etc to some other place in the file-system.
You'll find yourself quite surprised not too long later ;}
Cheers,
Tink
|
|
|
06-04-2006, 07:36 PM
|
#13
|
HCL Maintainer
Registered: Jan 2006
Distribution: (H)LFS, Gentoo
Posts: 2,450
Rep:
|
Quote:
Originally Posted by shifter
Yalla-One writes:
Why would you want to disable the root account? ie - what are you seeking to accomplish by doing so
I want to enable the root privilegies for my usual user and to disable the root account, or to reduce the root to a common system's user.
Is it a way to increase the system security..., I want to change the root directory.
|
As others have already pointed out, this is equivalent to running everything as root. Certain things can be done only by the superuser. The system cares not what name you chose to assign to the superuser but that the user id is 0. The name `root' is just the traditional, universal name used in all unix systems (redundant?), but it is just a label.
Thus what you propose to do is equivalent to running as root.
|
|
|
06-04-2006, 07:59 PM
|
#14
|
Member
Registered: Mar 2006
Distribution: Slackware64 -current
Posts: 268
Rep:
|
Quote:
Originally Posted by Tinkster
And you're being very friendly.
|
I just try to be kind. It's a character flaw.
|
|
|
06-04-2006, 08:10 PM
|
#15
|
Moderator
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
|
Quote:
Originally Posted by jimX86
I just try to be kind. It's a character flaw.
|
"Don't put your hand on that element, Kid, it's a bad idea .." :}
Yep, I see how it's a flaw. ;}
Cheers,
Tink
Last edited by Tinkster; 06-04-2006 at 08:27 PM.
|
|
|
All times are GMT -5. The time now is 02:30 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|