LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 10-16-2004, 02:29 PM   #1
sibtay
Member
 
Registered: Aug 2004
Location: U.S
Distribution: Ubuntu
Posts: 145

Rep: Reputation: 15
A strange question: Limiting root access


Hi

It is not a programming related question, but being a programmer myself i think if this question has an answer then its gotta be a programmer

Well i am faced with a situation where i want to limit root's access to a particular portion of disk.

I know it sounds crazy but i do believe that people around the world might have faced this dilemma before. However i have searched the web but to no avail.

I know by using encrypted file systems the root even cannot view the files placed on a partition that is encrypted. But still i have heard that a super user can delete that "encrypted partition"..if not view its contents.

So i need a solution that allows only the owner of a certain portion of disk (for example a partition, or a directory etc) to have complete access and not even the super user should be able to view, modify or delete its contents.

If the solution does not exists then i am willing to get into the kernel's code. So if anyone does not know the solution but can provide me a good link from where i could get help in changing the kernel's code in this area (file's ownerships, partion's access etc), i 'll be gratefull

Thank You
 
Old 10-16-2004, 02:33 PM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
This probably isn't the answer you are looking for but I would be inclined jsut to forget the root user and just give another user sudo access to deal with maintainance issues then just don't give this user access to the specific part of the system or let them run applications which could affect it.
 
Old 10-16-2004, 02:44 PM   #3
sibtay
Member
 
Registered: Aug 2004
Location: U.S
Distribution: Ubuntu
Posts: 145

Original Poster
Rep: Reputation: 15
thank you david...but this problem was raised from the Grid Computing research group how are doing their grid stuff on linux
We (the LUGs) gave them this solution but this will not work for them since they 'll be sending fragments of a particular job to different computers..so it is not possible to lock the root's account and force them to use some other account

Thankz anyway
 
Old 10-17-2004, 12:18 AM   #4
Strike
Member
 
Registered: Jun 2001
Location: Houston, TX, USA
Distribution: Debian
Posts: 569

Rep: Reputation: 31
Describe the application more and we can help you more.

With clients and servers, you can basically never trust the client, unless you can check that they've done the right thing. So, depending upon the application, if you are going to send off data to be processed, it's best if you can verify (to within a certain percentage probability if not absolutely) that they have done the correct thing with it. One of the easiest ways of doing this is sending the same thing to be done by several clients and when a certain number of them agree, accept that as "sure enough". Or, depending upon the application, you may be able to perform only a small portion of the computation that the client does and verify that the answer given by the client jives with the results of the small portion of computation you've done. Generally this isn't doable because of how the problem works, but it's a possibility.
 
Old 10-18-2004, 07:30 AM   #5
SciYro
Senior Member
 
Registered: Oct 2003
Location: hopefully not here
Distribution: Gentoo
Posts: 2,038

Rep: Reputation: 51
limit the root users access ... maybe RSBAC is what you want? (its included, or at least some of it, i think, in grsec)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Limiting Bind9 Access kemplej Linux - Security 5 11-25-2005 12:52 PM
Access control limiting antidelldude Fedora 0 08-21-2005 11:34 AM
Root access question from a newbie oicu812 Linux - Software 6 10-19-2003 05:26 PM
the most stupid question about root access KoBe1510 Linux - General 4 06-10-2003 12:28 PM
limiting users access iquadri1 Linux - Networking 1 09-04-2001 01:23 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:42 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration