1

This might seem like a crazy step, but.. How to disable(remove) root completely from a system? (I'm currently working on Ubuntu 18.04).

I'm working to modify an OS so that no user would ever be able to mess up with the internal files... the user need to have very limited control over the system. This can be done by giving sudo access to only limited commands to the users and taking off any other way to access sudo or su... This question is just my crazy thought that if the root is completely disabled there can be no way some one can figure out a way to abuse the system.. just trying to know if there is a possibility to work this way.

I understand that is creates obvious issues, but is there a way to work around them? Thanks :)

mchid
  • 44,904
  • 8
  • 102
  • 162
frankenstein
  • 63

1 Answers1

0

If there is no root password set, login as root is disabled. This is typically the default configuration of Ubuntu when you install it and set up a user password.

That said, it sounds like you are asking this from a security perspective so I'll mention a couple of things. Firstly, if a user has physical access to the machine they can get root access via a number of means such as replacing the boot drive, booting from something else. Full disk encryption can make it impossible for this person with physical access to see your data but not to wipe it.

Secondly, disabling the mechanism to log in as root doesn't really provide notable security over having a non-guessable passphrase, and just not giving that passphrase to others.

Thirdly, you mention giving sudo access to users. Done incorrectly this can inadvertently open up the ability for users to do much more than you intend for them to. If you have a locked down system it's not typical to let users do anything that requires superuser access.

thomasrutter
  • 37,804