# Can I disable the root user account ?

## Tom_

Hi,

As I use "sudo" on my system, I would like to know if I can disable the root user account ? Is it safe ?

Regards,

Thank you  :Wink: 

----------

## disi

Here is some information from arch wiki: http://wiki.archlinux.org/index.php/Sudo

However, do you just don't want them to interactive login or do you really want to disable the account? You could give him a /bin/false as shell or something...

----------

## Tom_

According to http://www.cyberciti.biz/tips/linux-security.html, it is advisable to disable root Login. I don't want any user to be able to log as root.

ArchLinux wiki says that users may encounter problems with disabling the root login. What does it mean ?

----------

## phajdan.jr

 *Tom_ wrote:*   

> According to http://www.cyberciti.biz/tips/linux-security.html, it is advisable to disable root Login. I don't want any user to be able to log as root.

 

It's important to understand the rationale behind it. If you allow your regular user account to run all commands as root (of course is still asks for the password), you'd effectively make that account a de-facto root account. In my opinion this Ubuntu way of using sudo in place of root is an illusion of additional security. sudo has its place, but it's not to replace root.

For example, if there is a small set of commands that you execute frequently and require root, it's often useful to run them via sudo instead. This way you can't leave the root shel unattended by mistake.

 *Tom_ wrote:*   

> ArchLinux wiki says that users may encounter problems with disabling the root login. What does it mean ?

 

Some programs might assume that it's possible to run as root, possibly using "su". The setup without root login would make these break. I don't have any specific examples though.

----------

## pigeon768

I've had a few situations where running emerge under sudo fails, but running under 'su -' or a root login works.

I didn't chase it down - there is supposed to be a line in /etc/sudoers that takes care of it, but I don't think it worked for me.

----------

