I would like disable logging in as root on the login prompt but it should be possible to ‘su’ to root, give password and login.
Any help will be appreciated.
I found this which talks about the
/etc/securetty is present on the system, but empty (quoting):
If /etc/securetty exist and is empty, root access will be restricted
to single user mode or programs that are not restricted by
pam_securetty (i.e. su, sudo, ssh, scp, sftp)
ssh and friends you will have to edit the
/etc/ssh/sshd_config file and add or uncomment a
PermitRootLogin yes line.
To prevent users from logging in as root directly, edit the
/etc/passwd file, changing the shell from
/sbin/nologin. Modify the
/etc/sudoers file using
visudo to grant specific users authority to perform administrative tasks.
Hint copied from here.
To disable root login modify the shell for root in
/sbin/nologin either directly using an editor or using
usermod -s /sbin/nologin root
Alternatively you can use
passwd -l root
Once you’re logged in as a regular sudoer (user with sudo privileges) you can access a root shell by using
sudo su or