Since Ubuntu disables the root account by default, why not disable root shell access also?

If that were the case, you would only be able to run commands with sudo one at a time, but you would not be able to start a root shell. A root shell is convenient in many cases, e.g. if you are planning to run multiple commands as root in a row.

Specifically, you could not run sudo -i, as AlexP noted. From man sudo:

-i, --login    Run the shell specified by the target user's password database entry as a login shell.

Besides Alberto Santini's sudo answer, there's another (far better) answer. If root's shell is set to something that is not a shell, booting single user doesn't work. There's recovery in sulogin for things like non-extant shell or completely broken shell, but it will not work if the shell appears to be a valid shell but isn't actually a shell.

You can still sudo directly to get a shell by specifying the shell to sudo so it's not even good protection.

Since Ubuntu disables the root account by default, why not disable root shell access also?

Tags:

Security

Command Line

Root

Related

Recent Posts