-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, Feb 17, 2016 at 04:26:28PM +0100, Peter Ludikovsky wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > More or less. What I wouldn't agree with is locking the root account > completely, because, like Thomas said, you'll be locked out should you > ever be dropped to a rescue shell due to an hardware error.
There are ways around it. For example, you can specify /bin/sh (or bash) as init. Or you can boot from a rescue system on another medium. My point was: you *should* know that (and perhaps have given it a dry run) before disabling root login. When trouble hits it's too late, because you don't know how to deal with init=/bin/sh or you haven't that rescue medium conveniently around :-) regards - -- tomás -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlbEitcACgkQBcgs9XrR2kbTaACeKVNQ1Zk/Pv89pIomKF7G39yJ uc0AnAigC8J7Fougjj8IEZXx1YpcRf7t =DDfS -----END PGP SIGNATURE-----