On Sat, Jul 30, 2022 at 02:02:21PM -0400, Timothy M Butterworth wrote:
> Logging in as root has become taboo. Sudo is the preferred mechanism for
> running administrator functions. I have root set to nologin with a null
> password to force sudo usage.

This makes entering single-user mode ("rescue mode") impossible.

> One of the major issues with su root is that
> in a work environment with more than one administrator you would have to
> share the root password. Sharing one account provided no accountability as
> to who actually made changes. I would love to see Debian Bookworm disable
> root login by default. Root is a security vulnerability because the user
> name is known so it is easy to launch a brute force attack against the
> server.

If it's about "attacking a server", the default sshd configuration which disallows root logins is already sufficient. There's no reason to stop people from using a root password locally, to stop single-user mode from working, etc.

(Of course, if that's what you want on *your* systems, you're free to do that. I just don't think it's necessary to impose it on everyone else by fiat.)