101 Comments

  1. 31

    Phil

    Disabling root is just more security through obscurity. It doesn’t really make the system more secure — in fact by encouraging the proliferation of superuser accounts (via sudo) I would argue it makes the system marginally less secure. It’s an idea that sounds good at first but actually turns out to be one more complication in an already overly complex system. The real answer is better audit logging and, most importantly, changing the root password periodically (maybe even without advance warning). It is much more practical (and efficient) to keep track of password expiration and usage of one superuser account (root) across 100s of machines than 20 or 30 on the same number, which is actually on the low side for the number of sysadmins who might need root privileges in many enterprise shops.
