How to Disable Root Account and Use Sudo in Ubuntu

This guide explains how to disable the root account on Ubuntu to enhance system security. You will learn the specific commands to lock the root user and configure standard users to rely exclusively on sudo for administrative tasks. Following these steps ensures better access control and reduces the risk of accidental system damage.

Lock the Root Account

Ubuntu typically comes with the root account locked by default, but you should verify this status or enforce it if the account was previously enabled. To disable the root login, you need to lock the root password. Open your terminal and execute the following command:

sudo passwd -l root

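This command adds an exclamation mark to the beginning of the encrypted password in the /etc/shadow file, so no typed password can match the stored hash and password login as root fails. The lock applies to the password only: other authentication tokens, such as an SSH key authorized for root, are not affected by it.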

Verify Root is Disabled

To confirm that the root account is successfully locked, you can check the shadow file status. Run the following command:

sudo grep '^root:' /etc/shadow

Look at the output for the root user entry. If the password field starts with an exclamation mark (!) or an asterisk (*), the account is locked. You should also attempt to switch to the root user to ensure it fails:

su -

When prompted for the password, any input should result in an authentication failure.

Ensure Sudo Access for Your User

Before fully relying on sudo, ensure your standard user account has the necessary permissions. Your user must be part of the sudo group. To add your user to the sudo group, run:

sudo usermod -aG sudo $USER

Replace $USER with your specific username if the environment variable is not set. After adding yourself to the group, you may need to log out and log back in for the changes to take effect.

Test Sudo Permissions

Verify that your user can execute administrative commands without the root account. Run a simple command requiring privileges:

sudo whoami

Enter your user password when prompted. If the output is root, your sudo configuration is working correctly. You can now manage your Ubuntu system securely using sudo for all administrative tasks while keeping the direct root account disabled.
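The checks from the verification steps above, combined into one script as an added example (not part of the original guide): it classifies the password field of a shadow entry and confirms that a user is listed in the sudo group. It goes slightly beyond the text by also flagging an empty password field; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide). All sample entries are
# constructed; "$6$PLACEHOLDER" stands in for a real password hash.

# shadow_state LINE: classify the password field (2nd field) of a shadow(5) entry.
# Prints: locked | no-password | password-set | malformed
shadow_state() {
    case $1 in
        *:*) ;;
        *) echo malformed; return 1 ;;
    esac
    ss_rest=${1#*:}          # strip the user name
    ss_field=${ss_rest%%:*}  # keep only the password field
    case $ss_field in
        '')        echo no-password ;;   # empty field: no password is required
        '!'*|'*'*) echo locked ;;        # passwd -l prefixes '!'; '*' never matches
        *)         echo password-set ;;  # usable hash: root password login works
    esac
}

# in_group GROUP_LINE USER: succeed if USER is in the member list of a group(5)
# entry (supplementary membership only; a primary GID is not visible here).
in_group() {
    [ -n "$2" ] || return 1
    ig_members=${1##*:}
    case ",$ig_members," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# root_lock_ready SHADOW_LINE GROUP_LINE USER: succeed only when root is locked
# and USER still has a path to administrative access through the sudo group.
root_lock_ready() {
    [ "$(shadow_state "$1")" = locked ] && in_group "$2" "$3"
}

# On a live system the inputs would come from:
#   sudo getent shadow root    and    getent group sudo
for sample in 'root:!$6$PLACEHOLDER:19700:0:99999:7:::' \
              'root:*:19700:0:99999:7:::' \
              'root:$6$PLACEHOLDER:19700:0:99999:7:::' \
              'root::19700:0:99999:7:::'; do
    printf '%-45s %s\n' "$sample" "$(shadow_state "$sample")"
done
```

A result of no-password deserves the same attention as password-set: the account is not locked, and whether an empty password is accepted depends on the PAM configuration.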