On Thu, 2005-11-24 at 11:24 -0800, Marc Shapiro wrote: > Roberto C. Sanchez wrote: > > On Thu, Nov 24, 2005 at 04:34:12PM +0100, belbo wrote: > >> > >>I've seen Ubuntu linux, and I've noticed the disabled root account. I like > >>this > >>solution, how can I disable root account on my etch debian? > >> > > > > sudo passwd -l root > > > > I am not sure if that will actually do it, but it seems logical. > > I haven't tried this (nor would I want to) but it does not sound like a > good idea to me. First, man passwd says that the -l option is for > locking user accounts, it may not work on root. Secondly, if you do > lock out root, how whould you administer the system? Would sudo still > allow you root access? I don't know and I would not want to try it on > MY system.
Using -l is perfectly safe. This is actually the same thing that Ubuntu does to disable the root account. Since you can't really "disable" root, you're just changing the password to something that can't be matched by a password. (Essentially an invalid hash.) So as long as you're not using password-based authentication (which is the case with sudo), you're fine. Obviously, make sure you use sudo to do the change in the first place as Roberto suggested just to make sure that your sudo does, in fact, work right. If you do it while logged in as root and then log out, and if your sudo ISN'T set up right, you'll be locked out of your system. -- Alex Malinovich Support Free Software, delete your Windows partition TODAY! Encrypted mail preferred. You can get my public key from any of the pgp.net keyservers. Key ID: A6D24837
signature.asc
Description: This is a digitally signed message part