LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-17-2011, 08:54 AM   #1
anishkumarv
Member
 
Registered: Feb 2010
Location: chennai - India
Distribution: centos
Posts: 289

Rep: Reputation: 10
Is it possible to block root access!!!


Hi,

Is it possible to block root access to a particular directory.


With Regards
Anish Kumar.V
 
Old 03-17-2011, 09:01 AM   #2
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,527

Rep: Reputation: 898Reputation: 898Reputation: 898Reputation: 898Reputation: 898Reputation: 898Reputation: 898
You can encrypt the directory or files.

Kind regards
 
Old 03-17-2011, 09:02 AM   #3
reed9
Member
 
Registered: Jan 2009
Location: Boston, MA
Distribution: Arch Linux
Posts: 653

Rep: Reputation: 142Reputation: 142
Not as far as I know, but you could disable the root account altogether.

http://edipage.wordpress.com/2008/09...miting-access/

---------- Post added 03-17-11 at 09:03 AM ----------

There's this too.
http://www.centos.org/docs/4/4.5/Sec...es-noroot.html
 
Old 03-17-2011, 09:07 AM   #4
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 3,774
Blog Entries: 1

Rep: Reputation: 1339Reputation: 1339Reputation: 1339Reputation: 1339Reputation: 1339Reputation: 1339Reputation: 1339Reputation: 1339Reputation: 1339Reputation: 1339
Quote:
Originally Posted by anishkumarv View Post
Hi,

Is it possible to block root access to a particular directory.


With Regards
Anish Kumar.V
If for some reason you are giving out the 'root' password and hoping to keep users from accessing a particular directory as 'root' because of this, you need to change the password to root and not allow your users to have the password to root.

Then make a special user for them and add it to the sudoers setup and allow them access to only what they need.

IMHO - - No user except me should be allowed to have real 'root' access.
 
Old 03-17-2011, 09:08 AM   #5
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,527

Rep: Reputation: 898Reputation: 898Reputation: 898Reputation: 898Reputation: 898Reputation: 898Reputation: 898
[QUOTE=reed9;4293765]Not as far as I know, but you could disable the root account altogether.

http://edipage.wordpress.com/2008/09...miting-access/

---------- Post added 03-17-11 at 09:03 AM ----------

/QUOTE]

If you disable root, and enable sudo, the problem is the same, no?

Kind regards
 
Old 03-17-2011, 09:17 AM   #6
mikey99
Member
 
Registered: Nov 2008
Location: UK
Distribution: RHEL, Fedora
Posts: 68

Rep: Reputation: 12
Quote:
Originally Posted by anishkumarv View Post
Hi,

Is it possible to block root access to a particular directory.


With Regards
Anish Kumar.V
You can achieve Role-Based Access Control with SELinux. You will need to use the Multi Category Security (MCS) policy. If setup correctly, you can block root from accessing confidential material. However, you will need to use dual control - define a Security Administrator, as well as the normal Systems Administrator. Give the Security Administrator control of SELinux roles, and remove the control from root.

Bottom line is, it is do-able, but not easy.
 
Old 03-17-2011, 09:18 AM   #7
reed9
Member
 
Registered: Jan 2009
Location: Boston, MA
Distribution: Arch Linux
Posts: 653

Rep: Reputation: 142Reputation: 142
[QUOTE=repo;4293772]
Quote:
Originally Posted by reed9 View Post
Not as far as I know, but you could disable the root account altogether.

http://edipage.wordpress.com/2008/09...miting-access/

---------- Post added 03-17-11 at 09:03 AM ----------

/QUOTE]

If you disable root, and enable sudo, the problem is the same, no?

Kind regards
Similar, but not the same. Isn't the argument for disabling root that it means there is one less thing to guess if you're trying to crack the system. If root is enabled, you know that user name and then you just have to crack the password. Of course, from the limited info we have, that doesn't seem to be the poster's concern, but as someone else said, why do other people have the root password to begin with?
 
Old 03-17-2011, 09:34 AM   #8
anishkumarv
Member
 
Registered: Feb 2010
Location: chennai - India
Distribution: centos
Posts: 289

Original Poster
Rep: Reputation: 10
Hi all,

Thanks for your replies, actually my scenario is we are running a webserver using apache-tomcat in that our client uploading resumes, so that particular space we are allowed to upload

Quote:
for example if the client bought only 250 MB space means we restrict the size limit to upload only 250 limit once the limit exceed means the client not able to upload files, like that...my scenario is
for that we are running java in root permission, so even we changed the particular folder permission also inside the Webapps but that also not works because the entire java process is running in root permission. so that only we planned to block root access for the particular folder once the limit exceed limit through scripts.

This is the right way?? or any other way is available to restrict the user upload inside the WEBAPPS ??? please guide me.


With Regards
Anish Kumar.V
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
how do I block access to websites Glenn D. Linux - Newbie 2 01-28-2010 12:07 AM
Need to block root access in VSFTPD Davpronk Linux - Server 3 02-05-2009 03:45 AM
[SOLVED] Disable remote root access but allow local root access-- possible? bskrakes Linux - Security 3 03-03-2008 01:15 PM
How to block access certain services shankarLe Linux - Security 3 07-27-2007 04:35 AM
i need help... how to block internet access... E_l_d_o Linux - General 3 05-03-2007 01:00 PM


All times are GMT -5. The time now is 07:23 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration