Allowing root login to a web server is a big security threat
By disabling root access, you make brute-force attacks much harder, because attackers no longer have a guaranteed-valid account name to guess passwords against.
Your server should not allow root logins. Here is how you can accomplish this.
- Create a different superuser account with the same UID as root (0), so that you still have an administrative login once root is locked. See the article on adding Linux users for information on how to add new users.
- Change root's shell in the /etc/passwd file to /sbin/nologin or to a custom program.
This disables root access through login, gdm, kdm, xdm, su, ssh, scp and sftp. Here is the root user's entry with the nologin shell:
Here is what a root user's account with a custom shell looks like:
Disable root SSH logins to protect against root exploits
Edit the /etc/ssh/sshd_config file and set the PermitRootLogin parameter to no; this protects your Linux computer against root compromises achieved through SSH brute-force attacks.
You can also prevent root from logging in on any terminal device attached to the computer by using an empty /etc/securetty file, since that file lists the ttys on which root is allowed to log in. A full /etc/securetty file looks something like this:
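The four settings described above can be checked with the following audit script, an added example that is not part of the original article; the function names are my own and the passwd, sshd_config and securetty files it builds are constructed samples, not a real system's files.

```shell
#!/bin/sh
# Added example (not from the original article): audit the four steps above.
# Each function takes a file path, so it runs on the real files or on copies.
# Login shell of the root account (last field of its passwd line).
root_shell() {
    awk -F: '$1 == "root" { print $NF; exit }' "$1"
}
# Succeeds when root's shell is one that refuses interactive logins.
root_shell_is_nologin() {
    case "$(root_shell "$1")" in
        /sbin/nologin|/usr/sbin/nologin|/bin/false) return 0 ;;
        *) return 1 ;;
    esac
}
# Accounts other than root that carry uid 0 (the alternate superuser).
extra_uid0_users() {
    awk -F: '$3 == 0 && $1 != "root" { printf "%s ", $1 }' "$1" | sed 's/ $//'
}
# Effective PermitRootLogin: sshd honours the first uncommented occurrence.
# "unset" means sshd's built-in default applies, and "prohibit-password" /
# "without-password" still allow key-based root logins, so only "no" passes.
permit_root_login() {
    v=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1")
    printf '%s\n' "${v:-unset}"
}
# An empty /etc/securetty blocks root on every tty, but a missing file does
# not (pam_securetty lets root through when it cannot open the file).
securetty_locked_down() {
    [ -f "$1" ] && [ ! -s "$1" ]
}
fail() { echo "FAIL: $1"; fails=$((fails + 1)); }
# Run every check; the return value is the number of failed checks.
audit_root_login() {
    fails=0
    root_shell_is_nologin "$1" || fail "root shell is $(root_shell "$1")"
    [ -n "$(extra_uid0_users "$1")" ] || fail "no alternate uid-0 account exists"
    [ "$(permit_root_login "$2")" = no ] || fail "PermitRootLogin is $(permit_root_login "$2")"
    securetty_locked_down "$3" || fail "$3 is missing or not empty"
    return "$fails"
}
# Constructed sample files for a stand-alone run (not a real system's files).
d=$(mktemp -d)
printf 'root:x:0:0:root:/root:/sbin/nologin\nadmin:x:0:0:alt root:/root:/bin/bash\n' > "$d/passwd"
printf '#PermitRootLogin yes\nPermitRootLogin no\n' > "$d/sshd_config"
: > "$d/securetty"
audit_root_login "$d/passwd" "$d/sshd_config" "$d/securetty" && echo "all four checks passed"
rm -rf "$d"
```

Remember that sshd only picks up a changed PermitRootLogin after it is reloaded, so run the audit against the on-disk file and then reload the service.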
For more information, see the Server Security Guide or the Computers and Internet and Computer Security blogs.