LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 06-04-2006, 10:07 AM   #1
shifter
Member
 
Registered: May 2006
Distribution: Slackware, DragonFly
Posts: 233

Rep: Reputation: 30
disabling the root account


How can I disable the root account?
 
Old 06-04-2006, 10:22 AM   #2
Yalla-One
Member
 
Registered: Oct 2004
Location: Norway
Distribution: Slackware, CentOS
Posts: 641

Rep: Reputation: 36
Hi shifter,

Why would you want to disable the root account? ie - what are you seeking to accomplish by doing so?

In UNIX/Linux you need the root account to perform various system-related tasks, such as software upgrade, kernel maintenance and user account creation.

While it's a very good idea never to run normal programs as root, and to be very careful with when you use it, I recommend that you chose a very hard-to-guess password for root, disable root login over SSH and other media, and keep your normal user for everyday use. Then, when Slackware 11.0 is released one of these days/weeks/months, you can login as root, perform the system upgrade to the latest and greatest, and afterwards resume your day-to-day tasks as your normal user login..

-Y1
 
Old 06-04-2006, 11:09 AM   #3
DeanLinkous
Member
 
Registered: Jun 2006
Posts: 111

Rep: Reputation: 15
I would consider this a lot before trying it. This is all at your own risk and may or may not work. Hmmm....
You could edit the password file and remove or significantly change the section that stores the password hash.
Seen this done before on redhat I think - edit /etc/passwd file change /bin/bash to /sbin/nologin or I guess you might could change it even to /dev/null???
Something else I have seen done is a empty /etc/securetty file prevents root login

Just some ideas...at your own risk!
 
Old 06-04-2006, 11:18 AM   #4
vls
Member
 
Registered: Jan 2005
Location: The grassy knoll
Distribution: Slackware,Debian
Posts: 192

Rep: Reputation: 31
Normally, I avoid 'me too' style posts but I'll just say me too with Yalla-One.

Don't do it, stop thinking about it.
 
Old 06-04-2006, 01:52 PM   #5
DeanLinkous
Member
 
Registered: Jun 2006
Posts: 111

Rep: Reputation: 15
me too cause I gotta
 
Old 06-04-2006, 02:19 PM   #6
theoffset
Member
 
Registered: Aug 2005
Location: Guadalajara, Jal, Mexico
Distribution: Slackware Linux
Posts: 211

Rep: Reputation: 31
I don't know if it works with the root account, but you could use
Code:
passwd -l root
I know it works with other accounts, but havent tried disabling the root account... Go ahead if that's what you want (make sure to read "man passwd" before!)
 
Old 06-04-2006, 02:46 PM   #7
jimX86
Member
 
Registered: Mar 2006
Distribution: Slackware64 -current
Posts: 268
Blog Entries: 1

Rep: Reputation: 79
Quote:
Originally Posted by DeanLinkous
Something else I have seen done is a empty /etc/securetty file prevents root login
I think you're right on target. He probably just wants to disable logins. I'm not a sysadmin, but I can see how that might make sense. sudo logs to /var/log/messages, so you could monitor usage.

I found some docs here... http://www.redhat.com/docs/manuals/l...rivileges.html
Some of it is RedHat specific, but there are some good ideas.
 
Old 06-04-2006, 05:10 PM   #8
shifter
Member
 
Registered: May 2006
Distribution: Slackware, DragonFly
Posts: 233

Original Poster
Rep: Reputation: 30
Yalla-One writes:
Why would you want to disable the root account? ie - what are you seeking to accomplish by doing so


I want to enable the root privilegies for my usual user and to disable the root account, or to reduce the root to a common system's user.
Is it a way to increase the system security..., I want to change the root directory.
 
Old 06-04-2006, 05:33 PM   #9
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,141

Rep: Reputation: 168Reputation: 168
I'm not sure that will increase security. By giving a normal account root's privileges and using that normal account for day to day activities, you're increasing your risk - not decreasing it.

Generally it's better to have a strong password for both accounts (root's and your normal account) and to use su or sudo to perform privileged activities.
 
Old 06-04-2006, 05:46 PM   #10
vls
Member
 
Registered: Jan 2005
Location: The grassy knoll
Distribution: Slackware,Debian
Posts: 192

Rep: Reputation: 31
Quote:
Originally Posted by shifter
Yalla-One writes:
Why would you want to disable the root account? ie - what are you seeking to accomplish by doing so


I want to enable the root privilegies for my usual user and to disable the root account, or to reduce the root to a common system's user.
Is it a way to increase the system security..., I want to change the root directory.
Don't do it. You're gonna end up hosing your system. Use sudo to give access to all the system commands.

sudo man page

sudoers config file
 
Old 06-04-2006, 06:27 PM   #11
jimX86
Member
 
Registered: Mar 2006
Distribution: Slackware64 -current
Posts: 268
Blog Entries: 1

Rep: Reputation: 79
Shifter, I think you're getting some good advice. What you're trying to do is basically the same as running everything as root. Not a great idea.
 
Old 06-04-2006, 06:43 PM   #12
Tinkster
Moderator
 
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 928Reputation: 928Reputation: 928Reputation: 928Reputation: 928Reputation: 928Reputation: 928Reputation: 928
Quote:
Originally Posted by jimX86
Shifter, I think you're getting some good advice. What you're trying to do is basically the same as running everything as root. Not a great idea.
And you're being very friendly.

That's the single most stupid thing a linux user can do.
Just imagine the havoc one could cause by sitting in
Konqueror (nauseous, take your pick) and "accidentally"
moving /etc to some other place in the file-system.
You'll find yourself quite surprised not too long later ;}


Cheers,
Tink
 
Old 06-04-2006, 07:36 PM   #13
osor
HCL Maintainer
 
Registered: Jan 2006
Distribution: (H)LFS, Gentoo
Posts: 2,450

Rep: Reputation: 79
Quote:
Originally Posted by shifter
Yalla-One writes:
Why would you want to disable the root account? ie - what are you seeking to accomplish by doing so


I want to enable the root privilegies for my usual user and to disable the root account, or to reduce the root to a common system's user.
Is it a way to increase the system security..., I want to change the root directory.
As others have already pointed out, this is equivalent to running everything as root. Certain things can be done only by the superuser. The system cares not what name you chose to assign to the superuser but that the user id is 0. The name `root' is just the traditional, universal name used in all unix systems (redundant?), but it is just a label.

Thus what you propose to do is equivalent to running as root.
 
Old 06-04-2006, 07:59 PM   #14
jimX86
Member
 
Registered: Mar 2006
Distribution: Slackware64 -current
Posts: 268
Blog Entries: 1

Rep: Reputation: 79
Quote:
Originally Posted by Tinkster
And you're being very friendly.
I just try to be kind. It's a character flaw.
 
Old 06-04-2006, 08:10 PM   #15
Tinkster
Moderator
 
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 928Reputation: 928Reputation: 928Reputation: 928Reputation: 928Reputation: 928Reputation: 928Reputation: 928
Quote:
Originally Posted by jimX86
I just try to be kind. It's a character flaw.
"Don't put your hand on that element, Kid, it's a bad idea .." :}

Yep, I see how it's a flaw. ;}


Cheers,
Tink

Last edited by Tinkster; 06-04-2006 at 08:27 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Identifying non-administrators w/ root privilege/ Multiple root account in use wjeanpaul Linux - Security 4 05-19-2006 09:55 PM
is it legitimate and allowed and can be done to make another user account set uid and gid to null 0 to make another root account with different name and possibly not damage the debian system creating and using that new account BenJoBoy Linux - Newbie 12 01-29-2006 11:02 AM
How do I retain the PATH in the root account even when I switch to root using su? thearchitect Linux - Newbie 1 08-13-2005 01:02 AM
Disabling root login via SSH moger Linux - Security 7 06-20-2004 04:55 PM
disabling su to root from telnet subhasis_ray Linux - Security 6 02-11-2003 07:04 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 02:30 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration