How to disable root account
Restricting the ways a user can gain root permissions is a good security practice. In this tutorial I will show you how to disable the root account and get root permissions only with ‘sudo’.
Table of Contents
- Create an administrator account
- Disable root account
Create an administrator account
If you don’t have an account that can get root permissions with “sudo”, you can create one easily:
- Ensure you have the “sudo” command installed.
- Create an account.
useradd -m <username> # useradd -m ricardo
- Add “username” to “sudo” group (you may need to create that group before with
usermod -aG sudo <username>
- Ensure “sudo” group can get root permissions by running
visudo(if you don’t have
EDITOR=and your editor name before running
# uncomment or create the line below
%sudo ALL=(ALL) ALL
- Log in as the new account and ensure you can get root permissions with “sudo”.
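Before disabling root, it helps to confirm mechanically that the steps above took effect, because a commented-out %sudo rule or a sudo group with no usable member leaves no path back to root. The script below is an added example, not part of the original tutorial; its function names and the constructed sample files are assumptions, and it reads passwd, group and sudoers files passed as arguments.

```sh
#!/bin/sh
# Added example: pre-flight check to run before disabling root.
# Files are passed as arguments so copies can be checked; on a live system they
# would be /etc/passwd, /etc/group and /etc/sudoers (reading sudoers needs root).

# has_sudo_rule SUDOERS -> 0 if an uncommented "%sudo ALL=(ALL) ALL" rule exists
# (the "(ALL:ALL)" form is accepted as well)
has_sudo_rule() {
    grep -Eq '^[[:space:]]*%sudo[[:space:]]+ALL=\(ALL(:ALL)?\)[[:space:]]+ALL[[:space:]]*$' "$1"
}

# login_shell_of PASSWD USER -> prints the 7th passwd field (login shell)
login_shell_of() {
    awk -F: -v u="$2" '$1 == u { print $7 }' "$1"
}

# sudo_admins PASSWD GROUP -> members of group "sudo" with an interactive shell.
# Only supplementary members are listed, which is what "usermod -aG" creates.
sudo_admins() {
    for m in $(awk -F: '$1 == "sudo" { print $4 }' "$2" | tr ',' ' '); do
        case "$(login_shell_of "$1" "$m")" in
            ''|*/nologin|*/false) ;;      # unknown user or non-interactive shell
            *) printf '%s\n' "$m" ;;
        esac
    done
}

# safe_to_disable_root PASSWD GROUP SUDOERS -> 0 only if both conditions hold
safe_to_disable_root() {
    has_sudo_rule "$3" || { echo "no active %sudo rule in $3" >&2; return 1; }
    [ -n "$(sudo_admins "$1" "$2")" ] || { echo "no usable sudo member" >&2; return 1; }
}

# make_sample DIR -> writes constructed sample files (not real system data)
make_sample() {
    printf '%s\n' 'root:x:0:0::/root:/usr/bin/nologin' \
        'ricardo:x:1000:1000::/home/ricardo:/bin/bash' \
        'svc:x:1001:1001::/home/svc:/usr/bin/nologin' > "$1/passwd"
    printf '%s\n' 'sudo:x:27:ricardo,svc' > "$1/group"
    printf '%s\n' '%sudo ALL=(ALL) ALL' > "$1/sudoers"
}

# Usage: sh check.sh PASSWD GROUP SUDOERS
if [ "$#" -eq 3 ]; then
    safe_to_disable_root "$@" && echo "ok: an admin can still reach root via sudo"
fi
```

The check reads only the single sudoers file it is given, so rules that live in an included directory are not seen.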
Disable root account
(A) Change root shell
You can change the default shell for root to /sbin/nologin by editing
# this is an example of the line you need to edit, change only the last part
root:x:0:0::/root:/usr/bin/nologin
(B) Disable root login over SSH
If you only need to disable root login when using SSH, you can edit /etc/ssh/sshd_config and change and uncomment this line:
Any user with superuser privileges can run sudo bash to enter a root shell. After disabling the root account, you can’t run sudo su or
If you have any suggestions, feel free to contact me via social media or email.