How to disable root account
Restricting the ways a user can gain root permissions is a good security practice. In this tutorial I will show you how to disable the root account and get root permissions only with ‘sudo’.
Create an administrator account
If you don’t have an account that can get root permissions with “sudo”, you can create one easily:
- Ensure you have the “sudo” command installed.
- Create an account.
useradd -m <username> # useradd -m ricardo
- Add “username” to “sudo” group (you may need to create that group before with
usermod -aG sudo <username>
- Ensure “sudo” group can get root permissions by running
visudo (if you don’t have
EDITOR= and your editor name before running
# uncomment or create the line below
%sudo ALL=(ALL) ALL
- Login as the new account and ensure you can get root permissions with “sudo”.
Disable root account
(A) Change root shell
You can change the default shell for root to
/sbin/nologin by editing
# this is an example of the line you need to edit, change only the last part
root:x:0:0::/root:/usr/bin/nologin
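A check for the steps so far, as an added example (not code from the original tutorial): it confirms the administrator account can already use sudo before root's shell is changed, which prevents locking yourself out, and then confirms root's shell is a nologin binary. The function names are hypothetical, the sample files are constructed, and accepting the `(ALL:ALL)` form of the sudoers rule is an assumption beyond the line the tutorial shows.

```shell
#!/bin/sh
# Added example: pre-flight and post-change checks for the steps above.
# Each function takes file paths, so it can be run against copies of the
# real files as well as the constructed samples in demo().

# 0 if USER is a supplementary member of GROUP in a group(5) file.
user_in_group() {  # user_in_group GROUP_FILE GROUP USER
    awk -F: -v g="$2" -v u="$3" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }' "$1"
}

# 0 if an uncommented "%GROUP ALL=(ALL) ALL" rule exists ((ALL:ALL) also accepted).
sudoers_grants_group() {  # sudoers_grants_group SUDOERS_FILE GROUP
    grep -Eq "^[[:space:]]*%$2[[:space:]]+ALL[[:space:]]*=[[:space:]]*\(ALL(:ALL)?\)[[:space:]]+ALL[[:space:]]*\$" "$1"
}

# 0 if root's login shell (7th passwd field) is a nologin binary.
root_shell_disabled() {  # root_shell_disabled PASSWD_FILE
    shell=$(awk -F: '$1 == "root" { print $7 }' "$1")
    case "$shell" in */nologin) return 0 ;; *) return 1 ;; esac
}

# Lockout guard: "safe" only when the admin account can already use sudo.
safe_to_disable_root() {  # safe_to_disable_root GROUP_FILE SUDOERS_FILE USER
    user_in_group "$1" sudo "$3" && sudoers_grants_group "$2" sudo
}

# Constructed sample files (not taken from a real system).
demo() {
    d=$(mktemp -d) || return 1
    printf 'root:x:0:0::/root:/bin/bash\nricardo:x:1000:1000::/home/ricardo:/bin/bash\n' > "$d/passwd"
    printf 'sudo:x:27:ricardo\n' > "$d/group"
    printf '# %%sudo ALL=(ALL) ALL\n' > "$d/sudoers"   # rule is still commented out
    if safe_to_disable_root "$d/group" "$d/sudoers" ricardo; then
        echo "safe to disable root"
    else
        echo "NOT safe: fix sudo access first"
    fi
    if root_shell_disabled "$d/passwd"; then
        echo "root shell disabled"
    else
        echo "root still has a login shell"
    fi
    rm -rf "$d"
}
demo
```

On a live system, pass `/etc/group`, `/etc/passwd` and a readable copy of the sudoers file; rules placed in included sudoers fragments are not followed by this check.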
(B) Disable root login over SSH
If you only need to disable root login when using SSH, you can edit
/etc/ssh/sshd_config and change and uncomment this line: