Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

[SOLVED] Disable root logins with LightDM

Graphical Environments, Managers, Multimedia & Desktop questions.
Post Reply
Message
Author
Imanol
Posts: 50
Joined: 2011-12-26 22:30

[SOLVED] Disable root logins with LightDM

#1 Post by Imanol »

Hi, I've been trying to install Debian on a new machine.

I've got the bad habit of always using the root account for EVERYTHING (I've been doing it for 7 years and I'm realizing how wrong I was), so I'm trying to redeem myself. Right now, I'd like to keep the ability to login as root on the system console, but I want to disallow root logins on X11 (I'm using LightDM) and I just can't find the way to do it!

I'm pretty sure it's very simple and I keep missing it, anyone care to help?

Thanks a lot for your help!!
Last edited by Imanol on 2012-12-25 15:26, edited 1 time in total.

vbrummond
Posts: 4432
Joined: 2010-03-02 01:42

Re: Disable root logins with LightDM

#2 Post by vbrummond »

It is far simpler to just not log in as root. I mean you have to manually type root and then the root password in order to log in as root. Just 'don't'. Is this merely an academic question in disguise or are you really addicted to logging in as root so that you might want to seek help for this addiction?
Always on Debian Testing

Imanol
Posts: 50
Joined: 2011-12-26 22:30

Re: Disable root logins with LightDM

#3 Post by Imanol »

Actually maybe a little :D

I've logged as root a few times unconsciously when doing stuff and I just need some big message saying "Please don't do that anymore"

Also, it would improve security (wouldn't it?)

It sounds stupid, but there must be a way to disallow root logins

confuseling
Posts: 2121
Joined: 2009-10-21 01:03

Re: Disable root logins with LightDM

#4 Post by confuseling »

You could change root's wallpaper to something frightfully rude... :shock:

Or a custom theme. Everything in a uniform shade of pink. Panels, widgets, cursor. Just pink.
The Forum's search box is terrible. Use site specific search, e.g.
https://www.google.com/search?q=site%3A ... terms+here

Imanol
Posts: 50
Joined: 2011-12-26 22:30

Re: Disable root logins with LightDM

#5 Post by Imanol »

Good one, but seriously, is there no way to do it?

In that case I'll try switching to gdm3, I remember it had an AllowRootLogin or something similar on its configuration files...

User avatar
Hallvor
Global Moderator
Global Moderator
Posts: 2029
Joined: 2009-04-16 18:35
Location: Kristiansand, Norway
Has thanked: 139 times
Been thanked: 206 times

Re: Disable root logins with LightDM

#6 Post by Hallvor »

Install sudo and disable root account?
[HowTo] Install and configure Debian bookworm
Debian 12 | KDE Plasma | ThinkPad T440s | 4 × Intel® Core™ i7-4600U CPU @ 2.10GHz | 12 GiB RAM | Mesa Intel® HD Graphics 4400 | 1 TB SSD

Imanol
Posts: 50
Joined: 2011-12-26 22:30

Re: Disable root logins with LightDM

#7 Post by Imanol »

But I still want to be able to login as root on the system console (/dev/ttyX)

fsmithred
Posts: 1873
Joined: 2008-01-02 14:52

Re: Disable root logins with LightDM

#8 Post by fsmithred »

[quote="confuseling"]You could change root's wallpaper to something frightfully rude... :shock:
SuSE used to put pictures of bombs in the background on a root login.

Imanol
Posts: 50
Joined: 2011-12-26 22:30

Re: Disable root logins with LightDM

#9 Post by Imanol »

I'm getting OFF lighdm, It gives me a lot of trouble as it ignores a lot of .files on my home folder, incorrectly sets the cursor theme and misbehaves wildly

I'm marking this as solved.

Roaring Silence
Posts: 55
Joined: 2009-07-03 23:24
Location: United Kingdom

Re: [SOLVED] Disable root logins with LightDM

#10 Post by Roaring Silence »

I know this post was marked as solved, but it wasn't really solved. The questioner presumably installed a different desktop manager. I am using lightdm in Peppermint Linux, which is ultimately a Debian derivative, and like the original enquirer, I wanted to keep a root account in the background, but disable gui logins for the root user. Unfortunately there does not seem to be a way to do this through the lightdm configuration files, but there is a way to do it by adding a line to one of the PAM configuration files in /etc/pam.d/
As root, in a terminal cd to /etc/pam.d/
then code: ls
You should see the file lightdm
code: nano lightdm
Look to see if there is a line:

# auth required pam_succeed_if.so user != root quiet

If it is there, uncomment it, by removing the initial #
If it is not there, add it without the initial # I don't think its position in the file matters, but I added it near the beginning.
Save the file and reboot, and you should find that that root can no longer log in. I am posting this here in case anyone else wants to keep root privileges but for security's sake disable root gui logins.
I am sorry if this post is too late to help the original enquirer, but that is the only solution as far as lightdm is concerned.

ruffwoof
Posts: 298
Joined: 2016-08-20 21:00

Re: [SOLVED] Disable root logins with LightDM

#11 Post by ruffwoof »

Just stumbled across this old post, I know, years out of date but for reference - create a admin (or whatever) userid and add sudo group to that userid, then

sudo passwd -d root
sudo passwd -l root (that's a little L as in lock).

You'll then have to login as admin and use sudo or run sudo su -

A primary benefits are that hackers can attempt to brute force root passwords, but with a userid that's used for admin and root logins locked they have to brute force both a username and password. sudo also tends to run a lot less things as root so there's less inclination towards a security bug opening up undesired root access.

ruffwoof
Posts: 298
Joined: 2016-08-20 21:00

Re: Disable root logins with LightDM

#12 Post by ruffwoof »

Imanol wrote:I'm getting OFF lighdm, It gives me a lot of trouble as it ignores a lot of .files on my home folder, incorrectly sets the cursor theme and misbehaves wildly
IIRC its only GDM that provides the capacity to run X as user, or alternatively boot to cli login as user and run X.

You can boot to cli by adjusting /etc/default/grub to
# GRUB_CMDLINE_LINUX_DEFAULT # comment out so textual boot messages
GRUB_CMDLINE_LINUX="text"
GRUB_TERMINAL="console"
.. and run update-grub && systemctl set-default multi-user.target

Set the system to auto login 'user' by creating /etc/systemd/system/getty@tty1.service.d/override.conf containing ...
[Service]
ExecStart=
ExecStart=-/sbin/agetty --autologin user --noclear %I 38400 linux
... and enable that by running systemctl enable getty@tty1.service (change the --autologin user to whatever userid you want to auto login to).

Set the system so you need to be a member of wheel group to su ... but don't add 'user' to the wheel group i.e. edit /etc/pam.d/su and uncomment the line
auth required pam_wheel.so

Appending
[ -z $DISPLAY ] && [ "$(tty)" = "/dev/tty" ] && startx
to user's ~/.profile will automatically startx when user is (automatically) logged in i.e. boots straight to gui (X) desktop.

Post Reply