How to disable root?

system · November 9, 2005, 6:31pm

Using NodeWorx, I can under SiteWorx | Shell Users see them all.

I have via SSH added a new user, and now want to disable root, but the checkbox is greyed out!

How do I disable the root user?

Also how about Telnet? Is that already disabled?

And I still would like to know how to add an module to Apache.

system · November 9, 2005, 6:35pm

And what does the “Change Shell” option do?

system · November 9, 2005, 6:50pm

Oh well being impatient, as it cannot be done through NodeWorx, I logged in as root and executed the following command:

usermod -s /bin/nologin root

This now reflects in NodeWorx, even though it does not show as disabled.

I then logged on as a new user I added, and though I could “su -” to root with a password prompt, but now get this error:

su: /bin/nologin: No such file or directory

What now?

IWorx-Socheat · November 9, 2005, 6:57pm

You can’t disable the root user from the Shell Users page. This doesn’t just disable the user from ssh’ing in, it also causes the user to not have a shell on the box. Which would mean, even from the console or when su’ing to root, the root user wouldn’t have a shell. This is probably not what you want. You would disable a user from the Shell Users page when you don’t want the user to have any shell access at all.

If you’re just trying to prevent the root user from being allowed to SSH in, then you need to edit your /etc/ssh/sshd_config file and add the following line:

PermitRootLogin no

and then restart sshd. Toggling this option will be available in NodeWorx in a future version.

Telnet’ing into port 23 is disabled.

When enabling shell access for a user, you have various command language interpreters available (commonly called ‘shells’). The default shell is typically ‘bash’. If you want to change a user’s shell you would use the “Change Shell” option. See the following page for more info.

IWorx-Socheat · November 9, 2005, 7:10pm

Can you do anything after doing ‘su -’ ? If not, can you just do a simple ‘su’ (without the hyphen) to root? You need to get back in somehow and change your root user’s shell back to /bin/bash.

IWorx-Socheat · November 9, 2005, 7:26pm

Just tested it out myself, ‘su -’ and ‘su’ produce the same results. Someone is going to need to boot the box into rescue mode, mount whatever partition /etc is on, and fix /etc/passwd manually.

system · November 10, 2005, 4:40am

Geez!

Why don’t your interface allow me to change root to “/bin/bash”???

I guess this is hereby a feature request!