49.10. Never Log In as root
The easiest way to allow a cracker into your system is to provide external root login access. In particular, if you allow root access through an unprotected and open protocol such as telnet, you're almost guaranteeing that your Unix box is going to be violated at some point.
To prevent this, most Unix systems don't allow remote login into the system as root. Instead, you log in under another username and then su to root once you're within the system.
In Solaris, a line within /etc/default/login file is commented out if remote root login is allowed:
Uncomment the line to allow root access through the system console. To completely disable console access, remove the /dev/console from the line:
Copyright © 2003 O'Reilly & Associates. All rights reserved.