How to Disable the Root Account in Linux

MakeUseOf

By David Delony

Published Aug 19, 2021

Although both su and sudo grant administrative privileges, using the latter is advisable. Here's how to disable the root account and use sudo instead.

Depending on how you installed it, your Linux system might be set up to log in to the root account via su instead of sudo. However, you can disable the root account and use sudo instead. Here's how.

Why You Should Disable the Root Account

You should disable the root account and use sudo for administrative tasks because it's more secure than using su. This way, you only have to remember one password on your Linux system.

If you have multiple administrative users, such as on a server, one of them to compromise the root password. Sudo lets everyone use their own password. If the root login is disabled, no one can leak the password. If an admin goes rogue, you can just disable their account.

Make Sure You Can "sudo" First

Before you disable the root account, you should make sure you can sudo first. Many distros set up the first user as the administrator at installation. So if that's you, you likely can sudo already. The root account is already locked if your system is set up with sudo by default.

If sudo is not installed on your system, you can use your package manager to get it. Try searching for a package named "sudo" and install it. Post-installation, you might need to add your user account to the "wheel," "admin," or similarly named user group to be able to use sudo.

To configure sudo, use the visudo command. This will open a copy of the /etc/sudoers file and will only save a valid configuration, hence, saving you from any unwanted damage to the system.

Locking the Root Account

Now that sudo is successfully set up, you'll want to lock the root account. This will stop anyone from using su or logging in to root directly. To do this, use the passwd command:

        sudo passwd -l root

Now Your System Is More Secure

With sudo installed and the root account locked, you can have peace of mind that your system is secure. Better yet, you won't trip over remembering your regular account password and the root password.

While the su and sudo commands might provide root access, the latter is more flexible and secure than su because you can specify who is allowed to do what on a Linux system.