HOWTO: Enable root login in KDE / Debian

UPDATE: Since I discovered Ctrl-Alt-F1 and found I could root login there and have no problems, I have not bothered modifying any KDE computer to enable the root login.

Last time I wrote that I needed to try a new user profile on serverpc because of issues resuming from hibernation. This has proved to be more involved than I expected because sddm automagically disables root login, and you can’t login as yourself, go into a root shell and delete your account, because processes have locked your user login, preventing it from being modified.

After a lot of investigation I found the following instructions which enable root to appear on the KDE logon screen:
  • Basically, you need to login to a root shell and edit /etc/sddm.conf file. This file may not yet exist on your system, in which case you must create it. You then need to add or change these sections:



It’s possible the [Autologin] section may not be needed. The [Users] section is needed in full. The first line hides every system user except root because there are a whole pile of other system users you don’t need to appear on the graphical login. The other two lines set the range of user accounts that can appear. Normally the default for MinimumUid is 1000 which of course is the first general user account in the system. Change that to 0 and it will take in root (and other system users, which get blocked by HideShells).

  • Also in your root shell run passwd root to ensure a password has been created for root.
  • You also need to edit /etc/pam.d/sddm and make the following changes:
Comment out the following line by putting a # character at the beginning of it
auth    required user != root nopasswdlogin
If the following line is commented, uncomment it (remove any # character in front of it)
auth    sufficient user ingroup nopasswdlogin 

Reboot the system and it should come up with Root enabled on the login screen (it will be highlighted in red instead of black).

  • In addition the following step has been found to be necessary:

Comment out a line in /etc/pam.d/sddm that reads as follows

auth      required user != root quiet_success