How to Enable and Disable Root Login in Ubuntu

This tutorial explains how to enable and disable the root login in Ubuntu. Learn how to enable the root user account and once enabled, how to disable it again.

In Linux, root account is the main administrator account. When we install Linux, the installation wizard automatically creates this account. In some Linux flavors such as RedHat and CentOS, the installation wizard allows us to set password on this account.

In Ubuntu Linux, the installation wizard neither provides an option to set password nor provides any information about this account. It simply creates this account without password in background.

In Linux, a user account without password or empty password is considered as a disabled account. Since the root account is created without password by the installation wizard, it remains in disabled state until it is manually enabled.

Before we learn how to enable the root account, let’s check how and where the Ubuntu stores the root account information. In a standalone Linux system, user information is stored in two files; /etc/passwd and /etc/shadow.

/etc/passwd: - This file stores users’ records.

/etc/shadow: - This file stores users’ passwords.

Advertisements

To know how the root account’s information is stored in these files, access a shell prompt and run the following commands.

$sudo grep root /etc/passwd
$sudo grep root /etc/shadow

root password entry

As we can see in above output, password field is occupied by the character "x" and "!" in user database file and in password file respectively.

  • The character "x" represents a blank or empty password.
  • The character "!" represents that password is locked.

A locked password means, user is not allowed to use the password. No matter whether you type the right or wrong password, if password is locked, login attempt will be failed in every situation.

root login fail

Technically, with default installation and without any change, the root account is disabled and locked in Ubuntu.

Enabling root account in Ubuntu

Advertisements

There are three ways to enable the root login in Ubuntu: -

  1. Temporary
  2. For CLI prompt only
  3. For both CLI prompt and GUI interface.

Let’s discuss these methods in detail.

Enabling root account temporary

If you only need the root account for a particular task or job, run the following command and supply the super user password to authenticate the action.

$sudo –i

Super user is the user account that we create during the installation or any other user account which we manually add in administrator group.

Disabling root account

Once specific task is finished, use the exit command to logout from the root account or simply close the terminal if you have no further task.

sudo -i command

Enabling root account for command line (CLI prompt)

With default installation, Linux offers six independent virtual terminals (CLI) and one GUI interface. These terminals can be accessed by pressing the ALT+CTRL+F(1to7) keys.

To enable root account for CLI terminal only, use the following command: -

$sudo –i passwd root
Enter new UNIX password: [Set new password for root account]
Retype new UNIX password: [Confirm new password]

This command is the combination of two commands. First command unlocks the root account and second command sets password for the root account.

enable root login for cli prompt

Once root account is unlocked and password is set, it is ready to use for CLI prompt. To confirm this, switch to any CLI terminal, and login from the root account.

testing root login at cli prompt

Disabling root account

If root account is no longer required, you can use the following to command to disable it again.

$sudo passwd -dl root

This command makes the root password empty and enables the password lock again.

disabling root login

To confirm the disabling of root account, switch to CLI prompt again and login from the root account.

testing root login disable for cli prompt

Enabling root account for GUI (Ubuntu Desktop)

Just like the previous method, enable the root account with the following command.

$sudo –i passwd root
Enter new UNIX password: [Set new password for root account]
Retype new UNIX password: [Confirm new password]

enabling root login for gui

GUI (Ubuntu Desktop) has its own security layer which blocks the root account from login. So, even we have a properly enabled root account with password, it does not work in GUI interface.

Before we adjust necessary security features, let’s try to login from the root account in GUI interface with the correct password.

root login gui testing

As we can see in above output, root account is not allowed to login.

In order to allow the root account in GUI, we have to modify the following files.

/etc/gdm3/custom.conf
/etc/pam.d/gdm-password

Before update, let’s take the backup of these files. Backup copy allows us to deal from any unpleasant situation.

$mkdir bakup
$cp /etc/gdm3/custom.conf backup/
$cp /etc/pam.d/gdm-password backup/

taking backup of configuration files

Now open the /etc/gdm3/custom.conf file with your favorite text editor.

open the file /etc/gdm3/custom.conf

And add the following line in the [security] directive and save the file.

AllowRoot=true

updating the file /etc/gdm3/custom.conf

Now open the /etc/pam.d/gdm-password file.

open the file /etc/gdm3/custom.conf

And add the hash (#) sign in starting of the following line and save the file.

auth required pam_succeed_if.so user !=root quiet_success

Any line which starts with the # is considered as a comment line in configuration file. Shell ignores all comments when it executes a configuration file.

updating the file /etc/gdm3/custom.conf

To apply these changes, we have to restart the system.

reboot the system

After restart, login from the root account again and verify that the root account is enabled.

login from root in GUI

Disabling root password

Just like the previous method, first make the root password empty and put it in lock condition again with the following command.

$sudo passwd –dl root

disable root login

Now, remove the changes which we made in configuration files. If you have taken the backup of configuration files, just restore the original files back from the backup.

updating configuration files

If you haven’t taken the backup,

Remove the "AllowRoot=true" line from the [security] directive in file /etc/gdm3/custom.conf
Remove the # sign from the starting of the following line
#auth required pam_succeed_if.so user !=root quiet_success
in file /etc/pam.d/gdm-password

Enabling and disable root login in nutshell

Requirement To enable root account To disable root account
Temporary Run the sudo –i command Use the exit command or close the terminal
CLI Only Use the sudo –i passwd root command. Set root password, when it asks. Use the sudo passwd –dl root command
CLI & GUI both Use the sudo –i passwd root command. Set root password, when it asks.
Add the "AllowRoot=true" line in the [security] directive in file /etc/gdm3/custom.conf file.
Add the # in starting of the following line
auth required pam_succeed_if.so user !=root quiet_success
in /etc/gdm3/custom.conf file.
Use the sudo passwd –dl root command
Remove the "AllowRoot=true" from the [security] directive in file /etc/gdm3/custom.conf file.
Remove the starting # from the following
auth required pam_succeed_if.so user !=root quiet_success
in /etc/gdm3/custom.conf file.

The options d and l

At end of this tutorial, let’s understand the options; –d and –l which we used with the passwd command.

-d: - This option is used to delete the user’s password. Since Linux does not allow a user to login without password, a user account with blank password is disabled automatically.

-l: - This option is used to lock the password. Once password is locked, user is not allowed to use the password.

option d and l

That’s all for this tutorial. If you face any problem in enabling or disabling the root account, let me know. I will help you in this procedure. If you like this tutorial, please don’t forget to share it with friends through your favorite social site.

ComputerNetworkingNotes Linux Tutorials How to Enable and Disable Root Login in Ubuntu