I had previously tried using 'passwd -l' as root to lock that account, but that seems to have the unwanted side effect of causing root's cron jobs to fail, as I see the following message in syslog whenever a roon cron job comes time to run:
CRON[11591]: User account has expired
The solution I found is as follows. Before you do this you want to make sure you have the ability to do things as root via sudo, or you will lock yourself out (see here for directions on this).
First, I undid what I did before and unlock the account (skip this if you didn't previously lock the root account):
# passwd -u root
Password changed.
Then edit /etc/shadow by hand and change root's password field to "!", e.g.:
# grep root /etc/shadow
root:!:14145:0:99999:7::1:
Just to make sure test the setup by running 'ssh -l root localhost' and try logging in. You shouldn't be able to.
No comments:
Post a Comment