On Wed, Apr 9, 2025 at 8:58 AM James Freer <jrjfr...@gmail.com> wrote:
>
> I've just done my install of Debian 12 Live XFCE version. Been a user
> of Xubuntu for 15 years and thought I would change. Tried some of the
> derivatives and chose Debian to go with.
>
> I would be grateful if someone could explain why admin root user is
> not set to default. I have always had user login and password and then
> root for other tasks like Aptitude updates. [I am a fan of
> Aptitude although most folk seem to prefer Apt].

To answer this question, root login is generally discouraged in
various Linux hardening guides. It is the implementation or execution
of the Principle of Least Privilege. The idea is one should not log in
as root and carry out daily tasks as a privileged user. Instead, log in
as an unprivileged account, do your work, and elevate to root as
needed.

Disabling root logins by default is especially important when a
network attacker can use the login, like via SSH. The network attacker
is usually your #1 threat, and you don't want to give the network
attacker an opportunity to obtain root merely by guessing a weak
password over the internet. (There are other things you should also do
for SSH, like disabling passwords and enabling public key
authentication).

Also see various Linux Security and Hardening Guides, like
<https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/4/html/security_guide/s2-wstation-privileges-noroot#s2-wstation-privileges-noroot>
and 
<https://www.debian.org/doc/manuals/securing-debian-manual/securing-debian-manual.en.pdf>.

> Also not sure where to set root admin user. I suppose it doesn't
> matter if one is using Debian on a home PC like myself rather than a
> server but I'd just like to know.

Jeff
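
The SSH advice in the reply above (no root login, no passwords, public keys enabled) can be checked against an sshd_config. The following is an added example, not part of the original message: a Python audit of the global section of a config text. The sample configs are constructed, the function names are hypothetical, and the parser does not follow `Include` directives.

```python
import re

# OpenSSH's built-in values when a keyword is absent (OpenSSH 7.0 and later).
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes",
            "pubkeyauthentication": "yes"}
# Values matching the advice in the message above. "prohibit-password" stops
# password guessing against root but still allows key-based root login.
WANTED = {"permitrootlogin": "no",
          "passwordauthentication": "no",
          "pubkeyauthentication": "yes"}

# "Keyword value" or "Keyword=value"; the value must be non-empty.
LINE = re.compile(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(\S.*)")

def global_settings(config_text):
    """Parse the global section of sshd_config text; first occurrence wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        if not m:
            continue
        keyword = m.group(1).lower()       # keywords are case-insensitive
        if keyword == "match":             # everything after is conditional
            break
        value = m.group(2).split()[0].strip('"').lower()
        seen.setdefault(keyword, value)    # sshd keeps the first value it reads
    return seen

def audit(config_text):
    """Return {keyword: (effective_value, matches_advice)}."""
    seen = global_settings(config_text)
    return {key: (seen.get(key, DEFAULTS[key]), seen.get(key, DEFAULTS[key]) == want)
            for key, want in WANTED.items()}

# Constructed sample: the later "no" and the Match block do not help.
SAMPLE_WEAK = """PermitRootLogin yes
PermitRootLogin no
#PasswordAuthentication no
Match User backup
    PasswordAuthentication no
"""
# Constructed sample following the advice.
SAMPLE_HARDENED = "PermitRootLogin no\nPasswordAuthentication=no\nPubkeyAuthentication yes\n"

if __name__ == "__main__":
    for name, result in audit(SAMPLE_WEAK).items():
        print(name, *result)
```

On a live system, `sshd -T` run as root prints the effective configuration, including included files and built-in defaults.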
