On Sat, Jul 30, 2022 at 02:02:21PM -0400, Timothy M Butterworth wrote:
> Logging in as root has become taboo. Sudo is the preferred mechanism for
> running administrator functions. I have root set to nologin with a null
> password to force sudo usage.

This makes entering single-user mode ("rescue mode") impossible.

> One of the major issues with su root is that
> in a work environment with more than one administrator you would have to
> share the root password. Sharing one account provided no accountability as
> to who actually made changes. I would love to see Debian Bookworm disable
> root login by default. Root is a security vulnerability because the user
> name is known so it is easy to launch a brute force attack against the
> server.

If it's about "attacking a server", the default sshd configuration which
disallows root logins is already sufficient.  There's no reason to stop
people from using a root password locally, to stop single-user mode from
working, etc.

(Of course, if that's what you want on *your* systems, you're free to do
that.  I just don't think it's necessary to impose it on everyone else
by fiat.)
