Methods to Enable or Disable Root Login in Linux

Disable Root Login In Linux

The root user has access to anything and everything that is available within the Linux system. We can disable root login in Linux, though the security benefits of the same are debatable. There are multiple ways to disable root and we’ll go over all the methods in this tutorial.

How to Enable Root Login in Linux

By default, Ubuntu disallows root login via the GUI login. Though not recommended, you can enable the root login in Ubuntu by using the passwd command to set a new password for the account. The same command is applicable for almost any Linux distribution.

sudo passwd root

Now you can enter a new password and then proceed to use the -u command option for the passwd command to unlock the root user.

sudo passwd -u root

Now you can login to the root account via the su command below and use the whoami command to verify the user.

su root

whoami

Disable Root Login in Linux

Most of the methods that we’re listing here are pretty much accessible for every Linux distribution. Let’s go over all the available methods one by one.

1. Disable Root Login in Linux with passwd Command

To disable the root login, you can use the passwd command as below:

sudo passwd -l root

This will lock the password for the root user and you won’t be able to access the root account with its password until a new one is set.

2. Disable Root Login Using the usermod Command

Similar to the passwd command above, we can use the usermod command to lock the account using the -L command option.

sudo usermod -L root

The result is the same as with the passwd command.

3. Changing the Login Shell to /usr/sbin/nologin

In this case, what we’re going to do is to change the default root shell to nologin instead of bash. So whenever someone logs in to the root account even with the correct password, the account will automatically exit the shell.

Two ways to set nologin shell:

  • Edit the /etc/passwd file manually
  • Use the usermod command to set the default shell

We recommend using the usermod command as it is cleaner than manually editing the file, but we’ll still demonstrate both the methods here.

Editing the /etc/passwd file manually:

sudo nano /etc/passwd
Editing Passwd File to Disable Root Login in Linux
Editing Passwd File

Now you can change the part which says “/bin/bash” adjacent to the root user, to “/usr/sbin/nologin”.

Use the usermod command to set the default shell:

Now let’s come to the cleaner way to disable root login. This will be done by using the usermod command along with the -s option to set the default shell.

sudo usermod -s /usr/sbin/nologin root

Once you do this, the default shell will be set and you can verify the same by doing a cat /etc/passwd.

Root Usr Nologin
Root User Nologin

Great! Now you know that the root user cannot log in to any terminal. If you do try to login after this, you’ll get the below message.

Root Account Disabled
Root Account Disabled

4. Disable Root Login in Linux for SSH

What if you do not want to disable the root login for the entire operating system but only want to disable access via SSH servers? Well, you can do that by simply editing the /etc/ssh/sshd_config file and disable root login from there.

By default, it’s set to prohibit-password which means you cannot log in to the account with a password and can only make use of the Keys. We can edit this to say no to completely disallow root access for SSH users.

Edit the SSH config file by using the command below:

sudo nano /etc/ssh/sshd_config
Permitrootlogin Ssh
Permitrootlogin Ssh

And find the line that says PermitRootLogin. Now you can uncomment the same line and edit it, or add another line with your desired option. In my case, I’ve simply written the same thing on a new line.

Conclusion

Well, that’s about it. These are just some of the quick and easy methods to disable root login in Linux that you can work with. For the most part, the first two methods will serve all your purposes. But if you need help with a specific situation, comment below and we can help you out with it better.