How To Disable Direct Root Access/Login In Ubuntu [Linux Tip]
By on July 18th, 2008

The root or super user is the most powerful user in a Linux operating system, it has power to cripple you system to a piece of crap if it lands in the wrong hands. Root user is also synonymous with the Windows Administrator for Windows based system.

In the past we have seen many system administrators turn off direct root user access on a system because of the power it has, in this post we will show you, how that can be done.

Here is a simple and useful tip to disable root user access in Ubuntu. Before we do that you will need to setup another user that will have root capabilities, so that you can easily perform tasks that require you to have root permissions.

To setup a new user, login as the root user and issue the following command;

   1: adduser --ingroup groupname username

The adduser command will create a new user and the ingroup directive tells the command to create a user in a particular group. You will need to replace the groupname with the group you want the user to be in (by default use users), and username with the name for your new user.

Once you have created the new user you will need to grant it root privileges, to do that you will need to open the sudoers file by issuing the visudo command. Add the new user you created by adding this line to the sudo file.

Tip: Sudo in Linux also means super user do.

   1: username ALL=(ALL) ALL

Replace the username with the user you created earlier. Once you have done that open a new terminal window and login with the new user, once you have logged in issue the command sudo su, this will allow you to sudo into the system as a super user. You will be prompted for a password, enter the same password you use for the user you logged in with, once everything goes fine you will become a root user.

sudo-into-a-linux-system

Related: Quickly Login as a Different User in Linux in the Same Terminal Window.

Important Note: If you are not able to sudo su into the system, please follow the earlier steps to modify the user to become a super user. Unless you are sure you are able to sudo su into the system, DO NOT follow the steps below, you could practically screw up your system.

Once you are sure that you can access the system as root, you can now safely disable direct root login access to your system by following the steps below.

While you are logged in as root, open the file /etc/ssh/sshd_config using your favorite editor, we use nano on Ubuntu, you could use any other editor you like.

In the open file, search for the text PermitRootLogin, you should see yesas the value, change it to noand save the file. Once you have done that issue the command;

   1: /etc/init.d/ssh reload

This should reload the SSH configuration for your system, now before you close the root session, open a new terminal to confirm that root access has been disabled.

no-root-login-ubuntu

Note: You will still be able to login as root once you ssh into the system using a different user. To login in as root simply issue the command su and enter your root password.

login-as-root-user-from-another-user

Related: Quickly Login as a Different User in Linux in the Same Terminal Window.

Hope this tip helps you make your system more secure, do let us know your views on it.

Tags: , ,
Author: Keith Dsouza Google Profile for Keith Dsouza
I am the editor-in-chief and owner of Techie Buzz. I love coding and have contributed to several open source projects in the past. You can know more about me and my projects by visiting my Personal Website. I am also a social networking enthusiast and can be found active on twitter, you can follow Keith on twitter @keithdsouza. You can click on my name to visit my Google+ profile.

Keith Dsouza has written and can be contacted at keith@techie-buzz.com.
  • LinuxAdm

    While taking that trouble, if you are going to use sudo as a way to change the superusers name, just edit the /etc/passwd and change root name to whatever you want or create a user with uid 0 and belonging to the group gid 0….

    It’s not a good idea to have multiple superusers using sudo.

  • Pingback: Change Default SSH Port | Ubuntu « darryn van tonder

 
Copyright 2006-2012 Techie Buzz. All Rights Reserved. Our content may not be reproduced on other websites. Content Delivery by MaxCDN