2
1
Is it possible to have a user in Ubuntu/Debian that does not have access to synaptic, apt-get, dpkg and cannot even download anything from the Web, but has root privileges otherwise?
Original post (above translated by aimar):
Bonsoir je voulais savoir s'il est possible d'avoir un user avec tous les droits de root et qui ne peux rien télécharger. En fait je cherche à désactiver synaptic, apt-get, dpkg Merci
insatienne
Posted 2011-04-21T20:41:28.433
Reputation: 21
4
Downloading from the web can be blocked using the firewall settings of Linux (iptables).
As for root - if you want to only provide access to specific commands as root then you would be best off using sudo to grant specific users access to specific commands.
Majenko
Posted 2011-04-21T20:41:28.433
Reputation: 29 007
Agreed on sudo - what he's asking for is a neutered root user, clearly not what it was intended for. – new123456 – 2011-04-21T21:57:00.223
1If you can't trust the person not to install new packages, I would seriously consider not giving them root access. Use sudo to enable them to run the commands they need. (I wouldn't allow them to modify any scripts that they can run with sudo. Also verify the allowed commands don't have a shell option.) – BillThor – 2011-04-21T22:20:17.373
1
I'd say your best bet is to remove the binaries that you don't want your root user to use (wget, apt-get, etc).
However this can break some system fuctionnalities because some applications assume you have a functionnal wget, dpkg, etc. And, well, as long as it's root, and even with no internet connection, he can insert a cd and recopy the binaries...
lisa17
Posted 2011-04-21T20:41:28.433
Reputation: 1 019
I think the question is "How to prevent Ubuntu/Debian root users from accessing apt-get or downloading from the web, etc?" – lisa17 – 2011-04-21T21:13:08.747