How to disable root account?

[Joe Hart]

> That's odd.  I have the root account enabled for the firewall and swat that 
> don't accept sudo, and use kdesu all the time.  Is this a dapper 
> "improvement"?
>   
There are 2 things that affect the workage of the root account.  The 
first is the fact that the account in enabled or not and the second is 
the sudoers file.  With the default sudoers file, even if the root 
account is enabled, all sudo commands (kdesu, gksu included) will want 
the user password and not the root password.

If you want to have the root password as the one the gui apps ask for 
(which is what I prefer) then you need to add rootpw as a parameter to 
the defaults in the sudoers file.

Now when I do something that asks for the root password, I type the root 
password.  My own password doesn't work.  My sudoers files looks like this:

------
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults

Defaults    !lecture,tty_tickets,!fqdn,rootpw

# User privilege specification
root    ALL=(ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

The only difference is the ,rootpw at the end of the Defaults line.

Since sudo wants the root password, it is safe to put all users in the 
admin group since they would still need to know the root password to do 
anything.  On my kids' computer it works well, as I don't have to change 
users to do things.

They'll eventually figure out how to do things behind my back, but it 
doesn't matter, it's their computer (They are 5 & 7).