Manjaro is based on Arch; by default we use a root account and set a password. The installer (Calamares) asks for a root password in the user creation dialog. However, it also has a setting (check box) to have it use the same password as the user account it creates.
That is very bad advice. It's an Ubuntu'ism. It is safe ─ and in my personal opinion, even recommended ─ to disable direct root logins, but only on the condition that one's account is a member of the wheel group, and this condition should be verified first.
Once you are certain that your account is in the wheel group ─ so that you can become root with the command...
─ you can proceed with the safest way to prevent root from logging in directly, i.e. to first make a backup copy of the file /etc/securetty and to then issue the following command (as root):
echo > /etc/securetty
This will truncate the file, i.e. empty it.
Yes. But you'll need to do it from a live medium and inside a chroot environment:
mount -t auto /dev/whatever-the-root-device-is /repair
chroot /repair /bin/bash
sync && exit
I don't know whether that is possible, but someone else might be able to shed more light on that.
Did you ever read the Arch wiki, or study up on how su and sudo work?
Your advice is more of a hack, and not really all that secure.
You're only disabling terminal logins.
There are other ways to log in and/or gain access using the root account.
I know how su works, thank you very much. I've only been exclusively using GNU/Linux for 20 years.
As for having read the Arch wiki, I have only been using Manjaro for just over a week now, so I haven't exactly had either the time or the inclination to study each and every article in the wiki of another distribution that just so happens to be the upstream of this one here. I sincerely apologize for this discrepancy, but I've got two forums to run and I do also still have a life away from the computer screen.
Furthermore, as per your own description, the Arch method would be akin to the Ubuntu method, and I've already said that was bad advice. Either one gives a user full root privileges with sudo but on the condition that the user must enter the target account's password, or one only gives the user a restricted subset of root privileges whereby it is sufficient for the user to supply their own password. Ubuntu gives the user full root privileges while requiring only their own password, which means that if the user's account gets compromised, the attacker has full root access.
Now, I don't know whether that is the advice given in the Arch wiki, but it's what you seemed to be suggesting. Like I said, I've got more important things to do with my time right now.
I know it's a hack, but it's a very old one from the UNIX world, and I would be interested in learning why it's not secure.
Of course, if one runs an ssh server, then one must also prevent root logins there, as well as in any of the web-based administration utilities that one would be running on one's machine ─ e.g. webmin. But none of those things are enabled in Manjaro out-of-the-box, and the OP identifies as a newbie, so I doubt whether they would have set up openssh-server or webmin.
I agree with you, for the most part. I disagree that the old Unix way is any more secure. After all, to compromise the root account all you need is the password; to compromise a user account you need both the user's login and their password.
But for normal non-technical users, especially ones new to the Linux world, we need to keep things as simple as possible.
I too have been using Linux for a very long time, since 1995, and Unix (Minix, BSD, AIX, and HP-UX) for even longer. I've also been using Manjaro since about its creation (version 0.1.2).
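The checks this thread keeps returning to (wheel membership verified first, the state of /etc/securetty, and root login over ssh), as an added example that is not part of any post above: a read-only POSIX shell audit. The function names are made up for this example, and it assumes a single sshd_config without Include or Match handling.

```shell
#!/bin/sh
# Added example: read-only audit to run before emptying /etc/securetty.
# Paths are parameters so the checks can be tried on constructed copies.

# in_wheel USER [GROUP_FILE]: succeeds if USER is in wheel's member list.
# A user whose *primary* group is wheel is not listed there and is missed.
in_wheel() {
    awk -F: -v u="$1" '$1 == "wheel" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) found = 1
    } END { exit !found }' "${2:-/etc/group}"
}

# securetty_state [FILE]: prints absent, empty (no tty listed) or lists-ttys.
securetty_state() {
    f="${1:-/etc/securetty}"
    [ -e "$f" ] || { echo absent; return 0; }
    # Any line that is neither blank nor a comment names a permitted tty.
    if grep -Eqv '^[[:space:]]*(#.*)?$' "$f"; then echo lists-ttys
    else echo empty; fi
}

# ssh_root_login [FILE]: prints the first PermitRootLogin value (sshd uses the
# first value it obtains), "unset" if none, "no-sshd-config" if unreadable.
ssh_root_login() {
    f="${1:-/etc/ssh/sshd_config}"
    [ -r "$f" ] || { echo no-sshd-config; return 0; }
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$f"
}

# audit_root_login USER [GROUP_FILE] [SECURETTY] [SSHD_CONFIG]
# Prints one finding per line; returns non-zero when USER is not in wheel,
# the condition the thread says to verify before touching securetty.
audit_root_login() {
    rc=0
    if in_wheel "$1" "$2"; then echo "wheel: $1 is a member"
    else echo "wheel: $1 is NOT a member; leave securetty alone"; rc=1; fi
    echo "securetty: $(securetty_state "$3")"
    echo "sshd PermitRootLogin: $(ssh_root_login "$4")"
    return "$rc"
}
```

Call it as `audit_root_login "$(id -un)"` from the account that is meant to keep access; nothing on the system is modified.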