disable root account in linux - su: failed to execute /bin/nologin: No such file or directory

// There are 3 ways to disable root account login on Linux.

1. disable the root login through ssh using sshd_config

[root@centos ~]# cat /etc/ssh/sshd_config | grep PermitR

PermitRootLogin yes

# the setting of "PermitRootLogin without-password".

// Change this from yes to no and the root account can no longer log in directly over SSH (reload sshd for the change to take effect). You then need to log in as a normal user and switch to root, or log in as root directly from the console.



2. Disable login entirely by changing root's shell in /etc/passwd, either directly or with usermod

[root@centos ~]# cat /etc/passwd | grep ^root

root:x:0:0:root:/root:/bin/bash

// Here /bin/bash is a valid login shell, so login is allowed.

[root@centos ~]# usermod -s /bin/nologin root

^C
[root@centos ~]# cat /etc/passwd | grep ^root
root:x:0:0:root:/root:/bin/nologin


[root@centos ~]# exit
logout
[boobalan@centos ~]$ su
Password:
su: failed to execute /bin/nologin: No such file or directory

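// Now no one is able to log in to the root account. The error shows why: /bin/nologin does not exist on this system (on CentOS the nologin binary is /sbin/nologin), so su has nothing to execute. Be careful before executing this.

// To get access back again, make sure a user has sudo permission.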

[boobalan@centos ~]$ sudo usermod -s /bin/bash root
[boobalan@centos ~]$ sudo su -
Last login: Thu Aug 19 06:31:21 PDT 2021 on pts/0
[root@centos ~]#
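
// Added example (not part of the original session): a pre-flight audit for methods 1 and 2. It reports the PermitRootLogin value sshd would actually use, skipping comment lines like the one the grep above matched, and flags a login shell path that does not exist. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example; the functions take file paths so they can be run on copies.

# Effective global PermitRootLogin from an sshd_config-style file. sshd keeps
# the first value it reads for a keyword, ignores comment lines, and treats
# keywords case-insensitively. "unset" means sshd uses its built-in default.
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }   # later lines are conditional
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Classify a user's login shell from a passwd-format file:
#   missing     - path does not exist or is not executable (the su error in this post)
#   nologin     - exists and is a nologin/false binary
#   interactive - exists and is anything else
login_shell_status() {
    grep -q "^$2:" "$1" || { echo "no-entry"; return 0; }
    shell=$(awk -F: -v u="$2" '$1 == u { print $7; exit }' "$1")
    shell=${shell:-/bin/sh}               # empty field means /bin/sh
    if [ ! -x "$shell" ]; then
        echo "missing"
    else
        case "${shell##*/}" in
            nologin|false) echo "nologin" ;;
            *) echo "interactive" ;;
        esac
    fi
}

# Demo on constructed sample files (not taken from a real host).
demo() {
    d=$(mktemp -d)
    printf '%s\n' '#PermitRootLogin yes' \
        '# the setting of "PermitRootLogin without-password".' \
        'PermitRootLogin no' > "$d/sshd_config"
    printf '%s\n' 'root:x:0:0:root:/root:/constructed/missing/nologin' \
        'boobalan:x:1000:1000::/home/boobalan:/bin/sh' > "$d/passwd"
    echo "PermitRootLogin: $(effective_permit_root_login "$d/sshd_config")"
    echo "root shell:      $(login_shell_status "$d/passwd" root)"
    rm -rf "$d"
}
demo
```

// On a live host, sshd -T prints the configuration sshd actually resolves, including Include files and defaults, which this parser does not follow.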


3. Change the configuration with visudo: edit the root entry so that it no longer grants (ALL), which disables the privilege

root    ALL=(ALL)       ALL


