Join Log in
Score:0
avatar Ubuntu

Can a user without root privileges cause harm to the system for other users?

cn flag
BillyBoy

Can a user without root privilege access another user's home folder or perform harmful actions to other users?

If I was to run some executable on a user without root privileges and it got infected, can I just remove that user from the machine and continue as usual on the rest of the user accounts without removing anything else?

Is there some other way to run executables in a sandbox environment?

VMs are not a solution because I need full GPU performance.

89
1 + 0
Score:1
Nmath avatar Ubuntu
ng flag
Nmath

Yes, a user without root privileges can still mess up your system.

While logged in, users can't access the home folders of other users without sudo privileges. Users without sudo privileges are also not able to read or write to various protected files, directories, and devices.

But if you don't have full disk encryption on your device, then anyone with physical access to the device can do whatever they want, including reading and writing to system directories and the home folders of any user.

"Normal" users who can't use sudo are generally restricted from being able to do a lot of damaging actions, but it is not an absolute protection from every possible bad action you can imagine.

If you want a totally sandboxed environment and you can't use a VM or something similar, you could install another instance of Ubuntu with full disk encryption. Even then, a bad actor with physical access could perform harmful actions like formatting the hard drive. At least with full disk encryption, they will not be able to read or change the contents inside the encrypted volume unless you do a bad job of setting up or protecting your decryption keys.

+ 4
cn flag
BillyBoy
Thanks for the elaborate answer. In my case - physical access is not an issue, I was just gonna run games / less known software that doesn't require sudo on user B. So that would mean that my main user (A) is safe from whatever might be going on that other user account?
0
Reply
Nmath avatar
ng flag
Nmath
It really depends on the software, what it does, and how it's written. But in general, yes it's safe. But safety is never 100% guaranteed.
2
Reply
mara004 avatar
us flag
mara004
Anything but the second paragraph of this answer is misleading.
0
Reply
mara004 avatar
us flag
mara004
@Nmath Well, the main point is that normal users can't write anywhere except in their own home directory. So my answer would be "Software vulnerabilities notwithstanding, unpriviledged users can't harm the system in general". Apart from that, the question is about software sandboxing, so anything you mention about physical access is off-topic. Lastly I'm missing a mention of solutions like firejail, apparmor, or selinux.
1
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.