17 thoughts on “Enabling And Disabling Root Account in Debian/Ubuntu

  1. Reply Subbu May 27,2008 11:04 am

    Dude.. Give Ubuntu a skip and try Debian.. (i.e. If you don’t mind Over-User-Friendliness and ‘teh cool effectz! *squeal!!1!!11\!’*)

    Reason being it’s much more stable.

    And Um.. FYI, Debian HAS Root Account.. You can disable it by installing sudo. (Nope.. Not Installed by default)

  2. Reply Sathya May 27,2008 12:13 pm

    Subbu: Ubuntu was on my VM. Was just exploring it. Not the greatest fan of Ubuntu. I’m waiting for openSUSE 11, if it’s any good I’ll upgrade openSUSE 10.3 to 11. Else I’ll just shift to Debian or maybe even Gentoo.
    Debian has root account enabled by default? Read it’s disabled :?

    • Reply Scott Seufert Dec 19,2014 10:04 pm

      Re: Debian root disabled.

      This depends on how it was installed. If you install it yourself you can disable root by leaving the root password blank when the installer asked for a root password. This disables root and automatically installs sudo as well as adds the first user (created in the next screen on the installer) to /etc/sudoers.

      If you get like a vps or something that has debian installed via script, root will be disabled or enabled at the request of the script.

      Re: Cool effects.

      This has nothing to do with the distro directly, it’s a product of whatever GUI you install. Granted, some distros have eyecandy enabled by default, but it would be incorrect to assume that distro X can’t have cool effects but distro Y can. You can have Debian +KDE4 + wobbly windows or just debian without any GUI at all. It’s all in the configuration.

  3. Reply Kunal Gautam May 27,2008 6:28 pm

    Man just learned how to enable and disable account and regarding sudoer file in my class :P

  4. Reply PICCORO Jun 3,2008 8:07 pm

    uff, sudo command has no users added in debian brands.. so this article is invalid, and only works in win-buntu…

    the file /etc/sudoers in debian, does not have entries for nobody, therefore no user is able to run the command sudo .. so, this does not allow him to make changes

    Subbu was right, u must use a real linux for future corrections in articles ¬_¬!

    More Info for a real linux distro : McKAY Debian and linux issues (packages and howtos)

    • Reply correction Apr 21,2014 5:07 pm

      in the Debian 7 Wheezy installation you decide:
      – if you want a root account, it is disabled the sudo for the user created
      – if you do not want root account (just left blank the password, as says the installation description), the user created have sudo powers.

      So depends on your decision, this blog post (still) valid for your 2014’s Debian

  5. Reply Bharath Ram Oct 9,2008 12:15 pm

    vry useful info dude…………… for newbies of ubuntu out there…………

  6. Reply mudfly Aug 27,2009 8:56 pm

    in regards to disabling the root account, which I am a fan of, you can still use sudo su – to switch to the root account, when needed.

  7. Pingback: Vinayak

  8. Reply nitish Oct 23,2010 7:20 pm

    i want to disable root login until the admin connects its usb drive…i want to use drive as a key…plzzzz help

  9. Reply Anon Ymous Jan 20,2011 9:53 pm

    @mudfly : bad idea to do it that way (can wreak havoc with environment variables and such thing). Rather use the proper way to do it (with sudo), which does not involve “su” at all : “sudo -s”, and voilà ;)

  10. Reply Anon Ymous Jan 20,2011 10:02 pm

    @nitish: check on pam_usb ;)

    Bear in mind that it will not be multi-factor authentication, though (multi-factor implies at least two of the following: owning something, knowing something, and individually be someone): the fact that anybody easily copying your USB key will be able to impersonate you without any problem makes it so it will only give the illusion of necesitating to own something, while actually, it will just be one-factor authentication, with a secret a tad more difficult to know (nothing more, nothing less).

    Multi-factor authentication would involve biometry (meh…), or crypto-token (a smartcard, plugged in a USB reader, and protected by a PIN, which would lock the card after a defined number of failures: much, much, much better, though hardcore physical fiddling with the smartcard could still expose the key, of course – but it would be something your usual Joe would have a lot more problems to accomplish than a “dd” or “cp” of your USB drive).

  11. Reply bobot Mar 29,2011 9:04 am

    I guess a better way of disabling back the root is found in here: https://help.ubuntu.com/community/RootSudo. That is, by issuing the command: sudo usermod -p ‘!’ root

  12. Reply salaidayalan Jun 14,2011 12:28 pm

    it is very useful
    thank u

  13. Pingback: How to make Ubuntu's root account like Debian's?

  14. Pingback: Time For VirtualBox | John Aldred

  15. Reply Sam Tavakoli Apr 5,2015 5:14 am

    Pub key authentication is still valid even if the password is locked. This is written explicitly in the manual of passwd:

    Note that this does not disable the account. The user may still be able to login using another authentication token (e.g. an SSH key). To disable the account, administrators should use usermod –expiredate 1 (this set the account’s expire date to Jan 2,

    Next time take a peek in the manual before publishing on the Internet.

Leave a Reply