Why is disabling root necessary for security?
If you're not using Root, you're using sudo! Sudo is a great way to become root only when you need to.
- Root is a giant target. What's root's username? Root! I'm so smart :)
- Logging. Sudo has a greater command of audit logging (so that when someone uses sudo to do something silly, you can tattle on them to the central logging server). This is helpful for forensic analysis in some cases.
- Granular permissions. Root is a Big Flippin' Hammer. Do not hand BFHs to your users. Sudo allows you to specify that a user can run update commands like aptitude without password, but everything is off limits! You can't do that with the BFH that is root. IT allows you the flexibility of sanctioning certain commands for users, but disallowing others. This allows you to build a security policy that does not require an administrator to physically log in to a machine every time a machine needs to be updated (or another menial task).
- Idiot-proofing. Why do you not hand users a BFH? Because they're dumb. Why do I use sudo instead of root? I'm dumb. Dumb means mistakes, and mistakes mean security holes and sysadmin-issues.
The site you link to is very poor at explaining what they are getting you to do. The root account is not being disabled, but rather, the password for root is disabled. That's what passwd -l
does.
The intent of those instructions is to make it so that people cannot log in as the root user, because the root account is easy to guess. I'm not sure that their approach of creating a pseudo-user with a "hard to guess name" will be that much more secure ...
It is an old Tradition from the days of the Mainframe. The idea is that root
can do what he wants with the machine, including replacing the kernel or destroying the UEFI variables, which can brick the machine. Whereas a non-root
account cannot -- unless that account is given administrative rights through sudo
, which is what you will have with Ubuntu, and it totally destroys the rationale above.
Really, disabling the root
account is now used exclusively to appease elder gods, who:
- are grumpy;
- are obsolete;
- have been dead for decades, but are still worshipped by a powerful caste of high priests, collectively known as "conformance auditors".
In practice, your digital life is completely accessible from your normal user account, so making any protection relative to the root
user does not make a lot of sense. Mucking with the root
/non-root
distinction is a thing of the past, when machines were big servers shared between hundreds of users who were possibly hostile to each other.