On Du, 07 iun 20, 21:21:07, Marco Möller wrote: > > Yes, design options exist. However, I never tried out if the user root could > be blocked by the graphical session manager only, in the case of KDE usually > sddm is in use. But I know that the login of user root can be blocked in > general: when nowadays installing Debian, then there is offered to keep the > root account deactivated, which is achieved by simply not assigning it a > password but to leave the root's password empty and then activating the sudo > mechanism for the during installation created normal user. Then the login as > user root is disabled in general, not applying only to GUI login but also to > text terminal login. As a consequence it is always required to log in as a > normal user and using the command sudo would be the way to run commands with > root permissions. The deactivation of the root account could also be > achieved later on, any time, not only during installation of the system, by > changing the password of user root to an empty string.
Careful, an empty password is not the same as a disabled password (see
'man shadow'). The command 'passwd' will not even accept to change a
password to an empty one.
To lock the password for an account use 'passwd -l'.
> But I am afraid that
> you then will have to care yourself to set up sudo properly when still
> possible to do so as user root.
In Debian's default configuration members of group 'sudo' have sudo
access, so all you need is:
adduser my_user_name sudo
As far as I know the installer does the equivalent of that.
> Interestingly, although having disabled the root account during installation
> and having sudo automatically configured during installation, it by default
> appears to still be allowed to run command "sudo su -", which still lets you
> run a root terminal once you have been logged in as the normal user and
> knowing the user's password needed to use sudo!
Warning, useless use of 'sudo su -' :)
There is no need for that, use 'sudo -i' ;)
Kind regards,
Andrei
--
http://wiki.debian.org/FAQsFromDebianUser
signature.asc
Description: PGP signature
