There are different reasons to disable root account, for example:
-
Your system is available on a network and you want to protect yourself against brute force attacks, so no one can guess your root account password.
-
Developers wants to stop the users from running a command like
su -to get a full root shell, because it’s now a lot easier to do something wrong which causes damage to the system. however they can still use something likesudo -i,sudo -s,sudo /bin/some-shellor evensudo su -if they are in sudoers file.The idea is to force the user to use the
sudoinstead of sharing a single root password between all users and using thesudocomes with some advantages, for example:- It’s less likely for you to leave an open shell with complete root access,
sudopermissions expires after a while. - You can define more flexible ruels using
sudoersfile - It logs who is doing what, etc.
- Read here for more info.
- It’s less likely for you to leave an open shell with complete root access,
To disable, you can remove the password of the account or lock it down, or even do both of them:
- Remove the root password:
sudo passwd -d root
- Lock the account:
sudo passwd -l root