Join Log in
Score:2
avatar Ubuntu

Restrict Roots permissions

cn flag
Andrew Pullins

Is it possible to restrict what Root can do so that a user can not sudo a command or log in as root and run commands? I would like to change Roots and User1's Read, Write, and Execute permissions on /path/to/directory and all of its contents. But then give MyAdmin permission to modify that path. It would be great if only MyAdmin could change who can access or change the Read, Write, and Execute permissions of this path as well. Is this possible?

It would also be nice if User1 could still run commands like sudo apt get update but not sudo rm /path/to/dirctory

88
0 + 0
Score:5
Nmath avatar Ubuntu
ng flag
Nmath

You cannot restrict what root can do. Root can do anything and everything.

Be careful when deciding who you give root or sudo access.

0 + 0
cn flag
Andrew Pullins
Damn... Can you create an almost root admin then? Meaning you can use NotRootUser to do ’sudo apt-get update` and other useful things?
0
Reply
muru avatar
us flag
muru
@AndrewPullins define "other useful things" ... often those have unintended ways of granting complete root access.
0
Reply
cn flag
Andrew Pullins
I realize that was a very broad statement. I'm still a Linux noob and often get in trouble when in the terminal. Basically want to follow tutorials, that totally won't brick my OS, and install software/games. I don't really do much, but I also like to poke around Linux from time to time. I am going to stop while I am not ahead and say I don't know what I mean
0
Reply
Will avatar
id flag
Will
This doesn’t help with your original question, but based on your comment ‘want to follow tutorials, that totally won't brick my OS’, if you have an old computer hanging around, you can put Ubuntu on that and play without risk. I had a 12 year old desktop that wouldn’t run windows 10 anything other than glacial speed, put Ubuntu on (to play around in the terminal as you said) and it worked so well my son’s used it as his main computer for the last 2 years! Low spec hardware is so cheap that might be an option for you.
1
Reply
Nmath avatar
ng flag
Nmath
You can also try things in a VM like VirtualBox. I would not recommend blindly following tutorials you find online. Never enter commands into your system until you have researched and understand what each command does and learn how to reverse it. Even then, a lot of tutorials are for different software, or they are outdated, or just plain bad.
1
Reply
Score:-2
local-user avatar Ubuntu
kr flag
local-user

If you want to handle permissions, you probably should not soly rely on the builtin user mgmt. tools.

If you are looking to restrict access for a specific purpose(application), then you could just add that app as user(group gets created automatically).

If you have a different requirement, just reply to me :}.

Btw. you can specify which users can run which commands without passwords etc.

VISIT -> BEWARE - know what you are doing

command hint: sudo visudo

0 + 0
terdon avatar
cn flag
terdon
I removed the extremely dangerous suggestion to edit `/etc/sudoers` directly. NEVER, ever edit that file directly. The smallest mistake can break your system.
3
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.