Why to disable root login?
– Having the root password defined is not necessary on a linux system. Root password can be disabled but it is not a good practice since the system prompts for the root password absolutely if in case it goes into the maintenance mode. It will not be possible to proceed further in this scenario with sudo access but root password should be provided.
– If an administrator is uncomfortable allowing users to log in as root for these or other reasons, the root password should be kept secret, and access to runlevel one or single user mode should be disallowed through boot loader password protection.
– If still root account need to be disabled on RHEL system for some reasons, the below methods can be followed:
- Changing the root shell
- Deleting the root password
1. Changing the root shell
For any security reasons to prevent users from logging in directly as root, the system administrator can set the root account’s shell to /sbin/nologin in the /etc/passwd file.
2. Deleting the root password
Deleting the root password also will disable the the access to root account. To do so use the passwd command :
# passwd -d root Removing password for user root. passwd: Success