Disable root password and gain su sudo with no password
- User password strength is same as root's password, and one must 1st login in-order to use su/sudo.
- Root password will be disabled - thus anyone who will try login using root user will get denied... this will require anyone who wants to login to be familiar with the user name prior, which gives further security strength.
- Once local security is compromised, a root password is meaningless if a live-cd (etc) is in hands, or as a wise user added - a baseball bat...
You'll need "sudo" installed. You can grab it from pacman:
# pacman -S sudo
1. Allow user to sudo:
1.1 Add "<user> <machine_name/ALL>=(ALL) ALL" to /etc/sudoers. You might have to use visudo to do this. (Type visudo at bash prompt and edit. The command: s will start edit mode of vi, Esc will end it:wq will save the file and quit, while :q will quit visudo).
> visudo #allow user ziggy sudo from local machine only (my''machine''name = HOSTNAME in rc.conf): ziggy my''machine''name=(ALL) ALL #allow user arch sudo from anywhere (local/net): arch ALL=(ALL) ALL
1.2 If you didn't use visudo, you will need to CHMOD /etc/sudoers to 0440
chmod 0440 /etc/sudoers
2. Disable root and gain su/sudo with no password:
2.1 add group 'wheel' to installed accounts:
gpasswd -a <username> wheel
2.2 Allow members of 'wheel' group to use su (it will be passwordless since root will be disabled) by adding the following line to both /etc/pam.d/su & /etc/pam.d/sudo:
auth sufficient pam''wheel.so trust use''uid
2.3 to allow wheel users login via local only, add the following line to /etc/security/access.conf :
-:wheel:ALL EXCEPT LOCAL
2.4 disable the root account by removing it's password.
passwd -l root
3. if you ever need to reacitvate root, just run
sudo passwd root
Thats it. Enjoy your new passwordless root. :)