On 07/12/2017 09:21 AM, to...@tuxteam.de wrote:

[snip]

I've been following this back-and-forth for a while. Yes, I think it's
a good idea to use the root account as little as possible. Myself, I
use sudo in the overwhelming majority of cases.

But I learnt the hard way that sometimes it's a good idea to keep a
root account (with a corresponding password!) around.

When the system boots and the root file system is corrupt (or a
similar early-boot problem happens), you find yourself staring at
a message more or less looking like that:

  Please enter your root password to start a rescue shell:

(message is from memory, but you get the -uh- message).

This was shortly after Debian convinced me that having a root password
is The Evil Itself.

Duh.

I'm wiser now.

(Yah, there is a workaround for that: a rescue disk, and that's how
I got myself out of that, but hey).

I have only used a rescue disk once many years ago. That was because of a failing hard drive. Got the data from it OK, thankfully.

Of course: no remote login as root (sshd_config). Use sudo in normal
life (it's more comfortable, anyway). All that. Use a hard-to-guess
root password (pwgen -n 16, for me).

But. A root password doesn't make your system more insecure (unless
it opens up one more remote access). And sometimes, just sometimes
you wish you had one :-)

I use a laptop, but I've never needed to ssh into a laptop computer. Also, if you want to set up ssh, add an ssh client and set up your user (sudo-enabled) account and a random obscure port in the sshd config. Be sure to set it up so that it uses a key pair. Then you still won't need root over ssh.

I'm not totally convinced that having a root account accessible 24/7 is a good idea, especially on portable systems that can also be accessed via the internet.
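
An added example, not part of either poster's message: a small checker for the sshd_config points raised in this thread (no root login over ssh, key-pair logins). The function names and the sample file are constructed for illustration, and treating accepted password logins as a deviation from "uses a key pair" is this example's assumption.

```python
import re

# OpenSSH defaults (7.0 and later) for keywords absent from the file.
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes", "pubkeyauthentication": "yes"}

def effective_global(config_text):
    """Global settings sshd would use. For each keyword the FIRST value
    wins; Port may repeat. Stops at the first Match block and does not
    follow Include files (simplification in this example)."""
    seen, ports = {}, []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()               # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break
        if key == "port":
            ports.append(int(value))
        else:
            seen.setdefault(key, value)      # keep the first value only
    settings = {k: seen.get(k, d) for k, d in DEFAULTS.items()}
    settings["port"] = ports or [22]
    return settings

def audit(config_text):
    """Deviations from the setup described in the message above."""
    s = effective_global(config_text)
    findings = []
    if s["permitrootlogin"] != "no":
        findings.append("root login over ssh: PermitRootLogin " + s["permitrootlogin"])
    if s["passwordauthentication"] != "no":
        findings.append("password logins are accepted")
    if s["pubkeyauthentication"] != "yes":
        findings.append("key-pair logins are disabled")
    return findings

# Constructed sample: sshd ignores the second PermitRootLogin line.
SAMPLE = """\
Port 40022
PermitRootLogin yes
PermitRootLogin no
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

On a live system, `sshd -T` prints the effective configuration and is the authoritative check; the parser above only shows why a later line in the file does not override an earlier one.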
