5.4. The root account

The root account is the most privileged account on a Unix system. The root account has no security restrictions imposed upon it. This means the system assumes you know what you are doing, and will do exactly what you request -- no questions asked. Therefore it is easy, with a mistyped command, to wipe out crucial system files. When using this account it is important to be as careful as possible. For security reasons, never log in on your server as root unless it is absolutely an instance that necessitates root access. Also, if you are not on your server, never sign in and leave yourself on as root --this is Very, Very, Very BAD practice.

Set login time out for the root account. Despite the notice to never, if they are not on the server sign in as root and leave it unattended, administrators still stay on as root or forget to logout after finishing their work and leave their terminals unattended. The answer to solve this problem is to make the bash shell automatically logout after not being used for a period of time. To do that, you must set the special variable of Linux named TMOUT to the time in seconds of no input before logout. Edit your profile file /etc/profile and add the following line somewhere after the line that read HISTFILESIZE= on this file:


            TMOUT=7200
            
The value we enter for the variable TMOUT= is in second and represent 2 hours (60 * 60 = 3600 * 2 = 7200 seconds). It is important to note that if you decide to put the above line in your /etc/profile file, then the automatic logout after two hours of inactivity will apply for all users on the system. So, instead, if your prefer to control which users will be automatically logged out and which ones not, you can set this variable in their individual .bashrc file. After this parameter has been set on your system, you must logout and login again as root for the change to take effect.