On 07/09/2017 06:11 PM, Kaj Persson wrote:
Hi Jimmy, Well, I did not follow your suggestion exactly, but as people has said, the root account is already and always there, even it has not been assigned a password. So, against my real whish, not to activate the root account, I gave the command sudo passwd root, and entered a password. And now I suppose I have burned my ships and have no way back...
[Snip] To remove the root password so root can't log in again: sudo passwd -l root It'll report that the root password expiry has changed: from man passwd: -l, --lockLock the password of the named account. This option disables a password by changing it to a value which matches no possible encrypted value (it adds a ´!´ at the beginning of the password).
Note that this does not disable the account. The user may still be able to login using another authentication token (e.g. an SSH key). To disable the account, administrators should use usermod --expiredate 1 (this set the account's expire date to Jan 2, 1970).
Users with a locked password are not allowed to change their password. [end of man entry]Now, nobody can log in as root. But, root account is still there if you need it. To get it back and give it a password:
sudo passwd -u root sudo passwd root (Then type in a secure password for root.)