Root is the most powerful user account in Linux system. In fact, it’s the most important part of the entire system that can perform any operation on anything like having a snack. As the root account is this much powerful, it’s always necessary to secure it with proper measures. Using a powerful password is definitely one of them. Learn how to install Ansible on Ubuntu 18.04.
If having a powerful password isn’t enough you think, you’re free to go ahead and disable the root account. Yes, it’s possible to disable root access so that no one can get their hands on it.
Why disable root
There are some conspiracies going around like disabling root account is probably a bad idea because there are a number of actions that has to be performed as root privilege. Disabling root is crazy, right?
This is where the idea is wrong. The truth is, disabling root is definitely one of the best security measures you can pull. This trick is super easy and re-enabling the account isn’t that hard at all.
Disabling Root account
In order to disable the root account, you have to do something beforehand. At first, make sure that all the users in the system having the ability to run commands as root have a secure password. A weak password will reduce the security dramatically.
The best way to do so is to run this command –
# Swap username with the user account sudo passwd <username>
This command will force reset the user password and will prompt creating a new password. This step isn’t necessary but better safe than sorry, right?
It’s time to disable the root account. Run the following command for starting system-level shell –
Now, simply run the command and disable root –
passwd -l root
This command line will lock the account. However, if your gut sense is telling that you need to secure it even harder, run the next command.
usermod -p '!' root
This command scrambles the root password in an instant. Thus, the root account is inaccessible for all.
Re-enabling the root
Disabling root is a good idea but if you can’t get it back in time, it’s not that safe, right?
Run the following command –
Note that after running this command, you have to enter a new password for the account as this command resets root to default.
Voila! Your root account is back again!