• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
NameHero Blog

NameHero Blog

Web Hosting Tips & Resources From NameHero

  • Hosting
    • Web Hosting
    • VPS Hosting
    • WordPress Hosting
    • WooCommerce Hosting
  • Reseller
  • Enterprise
  • Domains
  • Account
  • Blog Home
  • Categories

How To Safely Disable Root Access On InterWorx

Bhagwad Park

Published on: October 14, 2019

Categories: InterWorx 0

In my earlier article on creating a new user + shell, I’d explained that it’s a good idea to disable direct root access via SSH. One of the reasons why we see so many failed login attempts, is because spammers constantly bombard servers with fake credentials, searching for a way in. One solution was to change the SSH port, which some in the security industry classify as “security by obscurity”, and don’t view it as a valid measure (even though I disagree).

However, another way of inhibiting hackers from spamming your server and using up resources, is to simply disable root logins. In general, this is part of the overall security paradigm of never working directly with a root account in the first place. In Linux, any user can be configured to have administrative permissions via the “sudo” command.

So in this tutorial, we’re going to learn how to do the following:

  1. Give an existing user “sudo” permissions
  2. Disable root access

Allowing a User to Access “Sudo”

If you disable root logins without first giving an existing user administrative permissions, you’ve effectively locked yourself out of the server! Since you can’t login as root, and no one else can perform root functions, you need to directly access the backend to undo the changes. So this is what we’re going to do first.

Right now, if we try and execute a sudo command with a fresh user, we see something like this:

Trying to Execute sudo as a fresh user

This is because we need to add every user to whom we want to give “sudo” access, to the “sudoers” file. Here’s how to do it.

Login as Root and Execute “visudo”

This is a root operation, so you’ll first need to login as root. Once inside, type the command “visudo”. This will open the “/etc/sudoers” file, but in a safe way with checks so that you don’t mess up anything too badly!

Scroll Down to the Appropriate Line

The “vi” editor is very different from what you might be used to. It requires a specific set of keyboard presses. First, scroll down using the keyboard to the line that says this:

## Allow root to run any commands anywhere

Now position the cursor under the line starting with %wheel. Press the “Insert” button on your keyboard to enter editing mode. vi will now allow you to type in the command line.

Add the following:

[username]     ALL=(ALL)        ALL

Like this:

Adding a user to the sudoers file

Replace [username] above, with the name of the user to whom you want to give “sudo” access. Once you’ve finished typing, press the “Escape” button a couple of times. This will exit the editing mode. Now type “ZZ” (Shift + Z + Z). This will save the changes and exit visudo.

Verifying that it Works

Now let’s see if it works. Try and do the same operation that we did before. This time, it asks for the password and the command goes through as expected:

sudo command now working

So that’s working!

Disabling Root Access

Now that we’re capable of executing root commands via an existing user, it’s safe to disable root. Here’s how to do it. Access your InterWorkx dashboard, and go to system services as shown here:

SSH Server on InterWorx

Now on the right-hand side, select to disable root logins as shown in this screenshot:

Disable Root Login

Update your changes and you’re done!

Testing Root Access

Now exist your shell and try and log in again. If all goes well, you should be met with an “Access Denied” message as shown here:

Root Access Denied

This is working as intended. It’s widely considered a bad idea to log in as root, or even to work directly with the root account. Hopefully, this tutorial will make your server just a little bit safer!

Bhagwad Park Profile Picture
Bhagwad Park

I’m a NameHero team member, and an expert on WordPress and web hosting. I’ve been in this industry since 2008. I’ve also developed apps on Android and have written extensive tutorials on managing Linux servers. You can contact me on my website WP-Tweaks.com!

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

Follow & Subscribe

Exclusive promos, content and more!

Most Popular Posts

Speed up your site: solving the WordPress slowdown

NameHero’s Recommended WordPress Plugin and Theme Setup (2023)

How To Increase The InnoDB Buffer Pool Size

How To Fix A Stuck All-in-One WP Migration Import

How To Add A Subdomain In Cloudflare

Top Categories

  • WordPress
  • Website Performance
  • Web Hosting
  • Resellers
  • Website Security
  • Website Development
  • VPS Hosting
  • SEO Tips
  • Announcements
  • Domain Registration
NameHero

NameHero proudly provides web hosting to over 40,000 customers with 99.9% uptime to over 750,000 websites.

  • Master Card
  • Visa
  • American Express
  • Discover
  • Paypal
Products
  • Web Hosting
  • VPS Hosting
  • WordPress Hosting
  • WooCommerce Hosting
  • Reseller Hosting
  • Enterprise Hosting
  • Domains
Help & Support
  • NameHero Blog
  • Knowledgebase
  • Announcements
  • Affiliates
Company
  • About Us
  • Contact Sales
  • Reviews
  • Uptime
  • We're Hiring

Copyright © 2023 NameHero, LLC. All rights reserved.

  • Privacy Policy
  • Terms of Use
  • Acceptable Use Policy
  • Payment Policy
  • DMCA