Disabling the root user

In enhanced RBAC mode, it is possible to configure the system so that the root user has no associated special powers and is treated by the system as a normal user.

Historically, the operating system has treated the root user's ID value of 0 as a privileged ID that is allowed to bypass enforced security checks. Disabling the root user removes the operating-system checks that let user ID 0 bypass those security checks; a process must instead hold the appropriate privileges to pass them. Disabling the root user minimizes the damage an attacker can cause, since there is no longer a single all-powerful user identity on the system. After the root user is disabled, system administration must be performed by users who have been assigned privileged roles.

The root powers can be disabled with the /usr/sbin/setsecconf command. Run the following command and then reboot the system to disable the powers of the root user:
setsecconf -o root=disable

After this command has been run, the root user account cannot be accessed through remote or local login or through the su command. However, because the root user account remains the owner of files on the file system, anyone who nonetheless acquires the account would still have owner access to those privileged files.

On a system where root has been disabled, processes owned by root are no longer assigned any special powers or privileges. This must be taken into account if the system has setuid applications owned by root that have not been added to the privileged command database: such setuid applications will probably fail in a root-disabled environment, because the process cannot perform privileged operations. In a root-disabled system, any command that needs to perform privileged operations should be added to the privileged command database and assigned the appropriate privileges. Therefore, a careful analysis of the system and of the applications used on it should be performed before the powers of the root user are disabled.
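The analysis described above can be started with a simple audit: list the setuid-root binaries on the system and report those that have no entry in the privileged command database. The script below is an added example and is not part of the AIX documentation or the setsecconf tooling. On a real system the two inputs would come from `find / -xdev -user root -perm -4000 -type f` and from `lssecattr -c ALL`; here both are replaced by constructed sample data so the script runs offline, and the layout of the `lssecattr -c ALL` output (command path as the first field, attribute=value pairs after it) is an assumption. The function names `unregistered_setuid` and `count_unregistered` and the sample paths are invented for this example.

```shell
#!/bin/sh
# Added example, not from the AIX documentation: report setuid-root binaries
# that are missing from the privileged command database, which is the gap
# that makes them fail once "setsecconf -o root=disable" takes effect.
#
# On a real AIX system the inputs would be produced by:
#   find / -xdev -user root -perm -4000 -type f   (setuid-root binaries)
#   lssecattr -c ALL                               (privileged command database)
# Both inputs below are constructed sample data.

# Constructed sample: paths a "find" for setuid-root files might return.
SETUID_SAMPLE='/usr/bin/passwd
/usr/bin/su
/usr/local/bin/legacyapp
/opt/vendor/bin/backup'

# Constructed sample shaped like "lssecattr -c ALL" output
# (path first, then attribute=value pairs; this layout is assumed).
PRIVCMD_SAMPLE='/usr/bin/passwd accessauths=ALLOW_ALL innateprivs=PV_DAC_R,PV_DAC_W
/usr/bin/su accessauths=ALLOW_ALL innateprivs=PV_PROC_PRIV'

# unregistered_setuid SETUID_LIST PRIVCMD_LIST
#   Prints, one per line, every setuid-root path that has no entry in the
#   privileged command database. Arguments are newline-separated strings.
unregistered_setuid() {
    setuid_list=$1
    privcmd_list=$2
    # Keep only the first field (the command path) of each database line.
    registered=$(printf '%s\n' "$privcmd_list" | awk '{print $1}')
    printf '%s\n' "$setuid_list" | while IFS= read -r path; do
        [ -n "$path" ] || continue
        # -x: match the whole line, -F: treat the path literally.
        if ! printf '%s\n' "$registered" | grep -qxF -- "$path"; then
            printf '%s\n' "$path"
        fi
    done
}

# count_unregistered SETUID_LIST PRIVCMD_LIST
#   Number of setuid-root binaries that are missing from the database.
#   "grep -c ." counts non-empty lines and prints 0 when there are none.
count_unregistered() {
    unregistered_setuid "$1" "$2" | grep -c .
}

# Stand-alone run over the constructed samples: each path printed here is a
# candidate for setsecattr -c before root is disabled.
unregistered_setuid "$SETUID_SAMPLE" "$PRIVCMD_SAMPLE"
```

Each path the script prints is one that will lose its ability to perform privileged operations once root is disabled, and therefore needs either an entry in the privileged command database with the privileges it actually requires, or confirmation that it no longer needs the setuid bit at all.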