Post by Henrik Carlqvist
(All direct root logins are disabled here except in single-user
maintenance mode, which requires entering the root password.)
How did you configure that? Different /etc/securetty in single-user
mode? Disabling ctrl-alt-f1 in xorg.conf? Some other setting?
I've completely emptied /etc/securetty, which takes care of all local
root logins in any of the normal runlevels, as well as root logins via
the serial port.
The file is not sourced for going to single-user mode, so it still
allows a root login then. Actually, single-user mode doesn't even ask
for a user name — only for the root password — and if you hit Ctrl+D
instead (as prompted) then it'll just return to the default runlevel
(or stay in the default runlevel on systemd-based distributions —
systemd runlevels work slightly differently).
And of course, if you want to disable root logins altogether, then you
will also want to do so in /etc/ssh/sshd_config. Many distributions —
though not all — do allow remote root logins by default, albeit only via
authentication keys. But given how many of those ssh keys are stored on
laptops that get stolen from remote sysadmins, it's no wonder that many
sites are getting compromised.
Much safer to log in with an unprivileged account and then use "su -"
to obtain root privileges. And of course, never allow GUI logins as
root. I don't think Slackware does that,but many distributions do, and
the n00bs are all too eager to go there, mess up their system and then
come to us for help in fixing it. <rolling eyes>
= Aragorn =