LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-20-2011, 11:48 AM   #1
aggrishabh
Member
 
Registered: Nov 2010
Posts: 87

Rep: Reputation: 1
How to restrict root user to delete a file or directories


Hi,

is there any way so that we can restrict root to delete a file/directories and What is extended file attributes.

can someone please suggest a good book for system administration concepts which contains concepts like above.
 
Old 01-20-2011, 11:57 AM   #2
corp769
LQ Guru
 
Registered: Apr 2005
Posts: 5,817

Rep: Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002
Not really, because root is the main administrator account. If you are so worried about files or folders being deleted as root, I would recommend to move them to another storage location, such as a portable hard drive or flash drive.
 
Old 01-20-2011, 12:13 PM   #3
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387
Hi,

You can restrict but not stop root from deleting files/directories.

Using the chattr you can make files/dirs immutable, which will render rm etc useless (also true for root). But as stated by corp769, root can use chattr to undo the changes and afterwards is able to remove those files and dirs.

For root, using chattr would be an extra layer, which would at least prevent accidental removal/change.

Anyway: chattr +i file to set immutable flag and chattr -i file to remove. Do have a look at the chattr and lsattr man pages.

Hope this helps.
 
Old 01-20-2011, 12:22 PM   #4
corp769
LQ Guru
 
Registered: Apr 2005
Posts: 5,817

Rep: Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002
Yeah you could definitely do that, but as you said man, root would easily remove the flag, so setting the +i flag would technically be pointless.
 
Old 01-20-2011, 12:31 PM   #5
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387
Hi,
Quote:
Originally Posted by corp769 View Post
Yeah you could definitely do that, but as you said man, root would easily remove the flag, so setting the +i flag would technically be pointless.
That depends. From a security point of view: You are 100% correct. If, on the other hand you want to protect your files from accidental changes (including removal), it could be useful.

I've worked on proprietary Unix machines were just about everything had to be done as root user, certain key files and directories where made immutable just to make sure they were not accidentally removed. This was done after a tested script removed a big chunk of files and directories (script was tested, but this bug wasn't noticed/tested).

So making files/dirs immutable has its uses, even for the root user.
 
Old 01-20-2011, 01:11 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529
One should be able to stop root from deleting certain files and directories using a SELinux MLS policy.
I doubt you'll find a ready to use drop-in policy example for that on the 'net though.
 
Old 01-20-2011, 01:21 PM   #7
ashwinipatankar
Member
 
Registered: Oct 2009
Location: Bangalore, India
Distribution: Fedora
Posts: 32

Rep: Reputation: 10
you can encrypt your home directory thats all you can do, as in ubuntu, try to explore the same thing in your distribution also , and make use know before marking this post as [solved]
 
Old 01-20-2011, 05:55 PM   #8
corp769
LQ Guru
 
Registered: Apr 2005
Posts: 5,817

Rep: Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002
Quote:
Originally Posted by druuna View Post
Hi,
That depends. From a security point of view: You are 100% correct. If, on the other hand you want to protect your files from accidental changes (including removal), it could be useful.

I've worked on proprietary Unix machines were just about everything had to be done as root user, certain key files and directories where made immutable just to make sure they were not accidentally removed. This was done after a tested script removed a big chunk of files and directories (script was tested, but this bug wasn't noticed/tested).

So making files/dirs immutable has its uses, even for the root user.
I do see your point man, but for me, security comes first.
 
Old 01-20-2011, 07:55 PM   #9
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,130
Blog Entries: 2

Rep: Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825
Root can do on your machine what he wants, because he is root. If you restrict him, he will be able to remove restriction.
I think this is the wrong approach to security. In the first place I would ask me why I have a root that must be restricted. If you can't trust your root then fire him (but change his password before telling him).
 
Old 01-20-2011, 08:05 PM   #10
lazlow
Senior Member
 
Registered: Jan 2006
Posts: 4,362

Rep: Reputation: 172Reputation: 172
For day to day operations one should not need to be root. You create a user with just enough permissions to do your day to day work and use it. On those rare occasions when you really must be root, the su - into it.

If you cannot trust your root user, get rid of him ASAP. It will take him no time at all to Fubar your system if he so wishes. Remember he can see(read) anything on any users account (email, etc). It is really easy to create(and bury) a cron job that checks to see if root(the bad guy)has checked in this week and if not delete/erase random parts of the HD(much worse than if he would delete everything and virtually impossible to find without doing a clean install).
 
Old 01-20-2011, 08:38 PM   #11
snowpine
Senior Member
 
Registered: Feb 2009
Posts: 4,037

Rep: Reputation: 1099Reputation: 1099Reputation: 1099Reputation: 1099Reputation: 1099Reputation: 1099Reputation: 1099Reputation: 1099
"sudo" is a good tool for giving users restricted root-like privileges for certain tasks. Different users can have different rights as defined in /etc/sudoers so for example you could allow a user to perform limited administration tasks but not to delete system file or directories.

http://en.wikipedia.org/wiki/Sudo
 
Old 01-20-2011, 11:30 PM   #12
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
Quote:
Originally Posted by unSpawn View Post
One should be able to stop root from deleting certain files and directories using a SELinux MLS policy.
I doubt you'll find a ready to use drop-in policy example for that on the 'net though.
But how you stop root from temporarily disabling SELinux?



Cheers,
Tink
 
Old 01-22-2011, 09:50 AM   #13
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529
Quote:
Originally Posted by Tinkster View Post
But how you stop root from temporarily disabling SELinux?
Maybe it's possible to patch/config that out at kernel compile time like you would do with say a GRSecurity-enabled kernel?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to do recursive file delete using specifier (*.tmp) from nested directories? Arodef Linux - General 3 11-11-2009 08:49 AM
How to restrict a user from uploading any file a Linux box to the internet? smbhat Linux - Security 13 10-17-2008 02:49 PM
restrict access of a user to two directories only vikas027 Linux - Enterprise 5 04-15-2008 12:18 PM
Creating user directories in Apache root robojerk Linux - Networking 1 09-21-2004 01:34 PM
Tried to delete file as root but it says I don't have permission to delete it! beejayzed Mandriva 23 03-12-2004 03:46 AM


All times are GMT -5. The time now is 07:32 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration