Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
There is "root" - it can read everything - every file in every directory.
I have a /home/"user" which I need to close from entering to everyone except its owner and of course "root".
From other side, I need to give system management rights to some "users", but they do not have to get access to /home/"user" directory.
I do not know how to do it.
I tried "sudo", but sudo changes user id to root, and that user can read and modify my files. I did "whoami" on "sudo xterm" and got "root".
You can configure /etc/sudoers to run an application as a different user but root is the default because some utilities require its privileges.
Quote:
Originally Posted by nimnull22
I need to give system management rights to some "users"
What specific "system management rights" do these users need and how did you configure that? Root has access to things and that is a default anyone has to accept. If you can't trust a user to not deliberately sniff around /home/user then ask yourself how much you would trust the user with system management? Also if there are specific privacy concerns you may want to deal with that preventively and encrypt that users files or the file system, only to be mounted when the user is using the account? If none of this works for you please be verbose in your reply, add examples of users and commands and the nature of contents of /home/user.
Question is not about the trust. I just want to setup an environment where several network administrators can share one FreeBSD/Linux, they need to get the root privileges, but also they need to have their home folders closed against each other.
And I probably found one very good solution: sudoers configuration file can describe what exactly user, which is getting root, can do. All I need is to analyze what they will need or just to wait for their offers.
And I probably found one very good solution: sudoers configuration file can describe what exactly user, which is getting root, can do. All I need is to analyze what they will need or just to wait for their offers.
This is the way to go IMO. Otherwise (in case they become simply root), they could change the permissions of the home directories of other root users anyway or just su to any of the other root users.
You know, I start to suspect that in original form, *unix is not "multi root (through sudo)" OS, neither Linux nor FreeBSD. Because if user gets root from sudo + xtem and it can do everything, read, write and delete. It is not good at all. Also if one is root, mounts another disk, one also can read there everything unencrypted. I started do not like it, there is no any sign of privacy.
I want to research if selinux can help me to get what I want on Fedora. I will write here if I find anything interesting.
This is something typical to nearly any OS : root or administrator can get access to everything that is not encrypted.
Even on a windows system, anyone who is in the administrator group can take ownership and change permissions to get access.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.