I enabled the root account in Unbuntu and then installed Virtualmin with the root account. The reason I believe the root account is disabled in Ubuntu by default is for security reasons.
So my question is, should I disable the root account (sudo passwd -l root) for security when I am done installing Virtualmin?
I am not a Linux expert and mainly work with Windowsm so what seems like a simple question for the community baffles me.
By default, after a fresh Ubuntu installation, I believe root user will not have a password set. And, that’s been the case since around Xenial (16.06) or Trusty (14.04), maybe even earlier. Your first user will be configured with sudo ALL privileges. You can, of course, set a root password, and many hosting providers do that with their Ubuntu image.
You do have to have a root user (many processes start with UID 0), but you can disable direct logins as root in a variety of ways. Using the “lock” option in passwd, as you mentioned above, is one (this sets the hashed password to start with !, which will never match a hash and thus prevent all authentication as this user). Disabling root logins in ssh is another (console root login still works). I tend to prefer the latter, as I like knowing I can get in on the console in the event everything else fails. But a sudo-capable user works for that, too, and you probably always still have single user mode, if you can get to the console.
