On Du, 07 iun 20, 21:21:07, Marco Möller wrote: > > Yes, design options exist. However, I never tried out if the user root could > be blocked by the graphical session manager only, in the case of KDE usually > sddm is in use. But I know that the login of user root can be blocked in > general: when nowadays installing Debian, then there is offered to keep the > root account deactivated, which is achieved by simply not assigning it a > password but to leave the root's password empty and then activating the sudo > mechanism for the during installation created normal user. Then the login as > user root is disabled in general, not applying only to GUI login but also to > text terminal login. As a consequence it is always required to log in as a > normal user and using the command sudo would be the way to run commands with > root permissions. The deactivation of the root account could also be > achieved later on, any time, not only during installation of the system, by > changing the password of user root to an empty string.
Careful, an empty password is not the same as a disabled password (see 'man shadow'). The command 'passwd' will not even accept to change a password to an empty one. To lock the password for an account use 'passwd -l'. > But I am afraid that > you then will have to care yourself to set up sudo properly when still > possible to do so as user root. In Debian's default configuration members of group 'sudo' have sudo access, so all you need is: adduser my_user_name sudo As far as I know the installer does the equivalent of that. > Interestingly, although having disabled the root account during installation > and having sudo automatically configured during installation, it by default > appears to still be allowed to run command "sudo su -", which still lets you > run a root terminal once you have been logged in as the normal user and > knowing the user's password needed to use sudo! Warning, useless use of 'sudo su -' :) There is no need for that, use 'sudo -i' ;) Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser
signature.asc
Description: PGP signature