The root or super user is the most powerful user in a Linux operating system, it has power to cripple you system to a piece of crap if it lands in the wrong hands. Root user is also synonymous with the Windows Administrator for Windows based system.
In the past we have seen many system administrators turn off direct root user access on a system because of the power it has, in this post we will show you, how that can be done.
Here is a simple and useful tip to disable root user access in Ubuntu. Before we do that you will need to setup another user that will have root capabilities, so that you can easily perform tasks that require you to have root permissions.
To setup a new user, login as the root user and issue the following command;
The adduser command will create a new user and the ingroup directive tells the command to create a user in a particular group. You will need to replace the groupname with the group you want the user to be in (by default use users), and username with the name for your new user.
Once you have created the new user you will need to grant it root privileges, to do that you will need to open the sudoers file by issuing the visudo command. Add the new user you created by adding this line to the sudo file.
Tip: Sudo in Linux also means super user do.
Replace the username with the user you created earlier. Once you have done that open a new terminal window and login with the new user, once you have logged in issue the command sudo su, this will allow you to sudo into the system as a super user. You will be prompted for a password, enter the same password you use for the user you logged in with, once everything goes fine you will become a root user.
Important Note: If you are not able to sudo su into the system, please follow the earlier steps to modify the user to become a super user. Unless you are sure you are able to sudo su into the system, DO NOT follow the steps below, you could practically screw up your system.
Once you are sure that you can access the system as root, you can now safely disable direct root login access to your system by following the steps below.
While you are logged in as root, open the file /etc/ssh/sshd_config using your favorite editor, we use nano on Ubuntu, you could use any other editor you like.
In the open file, search for the text PermitRootLogin, you should see yesas the value, change it to noand save the file. Once you have done that issue the command;
This should reload the SSH configuration for your system, now before you close the root session, open a new terminal to confirm that root access has been disabled.
Note: You will still be able to login as root once you ssh into the system using a different user. To login in as root simply issue the command su and enter your root password.
Hope this tip helps you make your system more secure, do let us know your views on it.