-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Jul 12, 2017 at 08:30:12AM -0400, RavenLX wrote:

[...]

> To remove the root password so root can't log in again:
> 
> sudo passwd -l root

I've been following this back-and-forth for a while. Yes, I think it's
a good idea to use the root account as little as possible. Myself, I
use sudo in the overwhelming majority of cases.

But I learnt the hard way that sometimes it's a good idea to keep a
root account (with a corresponding password!) around.

When the system boots and the root file system is corrupt (or a
similar early-boot problem happens), you find yourself staring at
a message more or less looking like that:

  Please enter your root password to start a rescue shell:

(message is from memory, but you get the -uh- message).

This was shortly after Debian convinced me that having a root password
is The Evil Itself.

Duh.

I'm wiser now.

(Yah, there is a workaround for that: a rescue disk, and that's how
I got myself out of that, but hey).

Of course: no remote login as root (sshd_config). Use sudo in normal
life (it's more comfortable, anyway). All that. Use a hard-to-guess
root password (pwgen -n 16, for me).

But. A root password doesn't make your system more insecure (unless
it opens up one more remote access). And sometimes, just sometimes
you wish you had one :-)

Cheers
- -- t
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAllmIlkACgkQBcgs9XrR2kbbrQCeMEk2yo4l//4fQ6EmfVKZdCI8
NO8An3h/C2QqwlJU77AjzwDo0y5eRQYe
=dq9G
-----END PGP SIGNATURE-----
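The posture described in this message (root keeps a password for the rescue-shell prompt, while sshd_config forbids remote root login) can be checked with a short script. This is an added example, not part of the original post: the function names are made up here, the sample files in the test are constructed, and the script reads only the global section of one sshd_config file (no Match blocks or Include files), so `sshd -T` remains the authoritative check.

```shell
#!/bin/sh
# Added example. Usage (as root): sh rootcheck.sh /etc/shadow /etc/ssh/sshd_config

# Print the state of root's password field in a shadow-format file:
# "locked" (field starts with ! or *, e.g. after passwd -l), "empty", "set", or "missing".
root_pw_state() {
    awk -F: '$1 == "root" {
        found = 1
        if ($2 == "") print "empty"
        else if ($2 ~ /^[!*]/) print "locked"
        else print "set"
        exit
    }
    END { if (!found) print "missing" }' "$1"
}

# Print the first global PermitRootLogin value (keywords are case-insensitive,
# sshd uses the first occurrence), or "default" if none appears before a Match block.
sshd_root_login() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "default" }' "$1"
}

# Combine both findings into one verdict line.
assess() {
    pw=$(root_pw_state "$1")
    ssh=$(sshd_root_login "$2")
    case "$pw/$ssh" in
        missing/*)   echo "ERROR: no root entry in $1" ;;
        empty/*)     echo "FAIL: root has an empty password" ;;
        locked/*)    echo "NOTE: root is locked; a rescue-shell password prompt cannot be answered" ;;
        set/no)      echo "OK: root password works on the console only" ;;
        set/yes)     echo "FAIL: root password is accepted over SSH" ;;
        set/default) echo "CHECK: PermitRootLogin not set; the default depends on the OpenSSH version" ;;
        set/prohibit-password|set/without-password|set/forced-commands-only)
                     echo "OK: SSH refuses the root password, key login as root still allowed" ;;
        *)           echo "UNKNOWN: PermitRootLogin $ssh" ;;
    esac
}

if [ "$#" -eq 2 ]; then
    assess "$1" "$2"
fi
```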
