If you change your /home directory to be an NFS mount instead, you can use the root_squash option to have the root user on the local box map to an anonymous user on the NFS server. This would prevent root on your box from being able to modify the files in /home.
However, while root can never modify other users' files on the NFS server, beware that there are malicious things that root could still do. For example, root could unmount /home and replace it with a seemingly duplicate /home that it could write to. It could also mount a fake filesystem over the top of another user's home directory that it could also write to. While the original files would still be safe and untouched on the NFS server, your users won't know how to look for this trickery and you might run into whatever problem you were trying to avoid.
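One way to look for the mount trickery described in the answer above, as an added example that is not part of the original answer: the script parses text in /proc/self/mountinfo format and reports when /home is not the expected NFS export or when something is mounted over a user's home directory. The export name fileserver:/export/home and the sample lines are constructed, and the check assumes a single NFS mount at /home with no per-user automounts.

```python
import re

# Constructed sample in /proc/self/mountinfo format (not captured from a real host).
SAMPLE = """\
22 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
40 22 0:45 / /home rw,relatime - nfs4 fileserver:/export/home rw,vers=4.2
41 40 0:46 / /home/alice rw,relatime - tmpfs tmpfs rw
"""

def _unescape(field):
    # mountinfo writes space, tab, newline and backslash as \NNN octal escapes
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mountinfo(text):
    """Return mount point, filesystem type and source for every mount line."""
    mounts = []
    for line in text.splitlines():
        if " - " not in line:
            continue
        left, right = line.split(" - ", 1)  # optional fields end at the lone "-"
        pre, post = left.split(), right.split()
        if len(pre) < 6 or len(post) < 2:
            continue
        mounts.append({"mount_point": _unescape(pre[4]),
                       "fstype": post[0], "source": _unescape(post[1])})
    return mounts

def audit_home(mounts, home="/home", expected_source="fileserver:/export/home"):
    """expected_source is a hypothetical export name; set it to your own."""
    findings = []
    at_home = [m for m in mounts if m["mount_point"] == home]
    if not at_home:
        findings.append(f"{home} is not a mount point")
    for m in at_home:
        # A replaced /home shows up as a different filesystem type or source.
        if not m["fstype"].startswith("nfs") or m["source"] != expected_source:
            findings.append(f"{home} is backed by {m['fstype']} {m['source']}, "
                            f"expected NFS {expected_source}")
    if len(at_home) > 1:
        findings.append(f"{len(at_home)} mounts stacked on {home}")
    for m in mounts:
        # Anything mounted below /home hides the NFS-backed directory there.
        if m["mount_point"].startswith(home + "/"):
            findings.append(f"{m['mount_point']} is overmounted by "
                            f"{m['fstype']} {m['source']}")
    return findings

if __name__ == "__main__":
    for finding in audit_home(parse_mountinfo(SAMPLE)):
        print(finding)
```

On a live host, pass in the contents of /proc/self/mountinfo read from the user's own session, since the mount table can differ between mount namespaces.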
That kinda defeats the purpose of having a root user. Can you elaborate why you'd want that? – slhck – 2012-04-17T13:54:18.143
@slhck since the files in a user account won't interfere with others' usage of the system, I don't see why this can be a problem. The root account can be used for common operations like installing software to be used by everyone. – Can't Tell – 2012-04-17T14:00:27.743
Why do you want root to not be able to delete files in another user's home? This is the point of the root user, to have access to all the files. – Renan – 2012-04-17T14:06:54.180
@Renan But doesn't that compromise privacy? – Can't Tell – 2012-04-17T14:11:07.887
@Can'tTell Yes, this is why you need to be careful with the root login. – Renan – 2012-04-17T14:11:40.507
In principle this should be possible with access control lists enabled and no root user (i.e. you set up specific administration users for various functions but no account with uid 0), but it would require very careful construction and would probably be a maintenance nightmare. – dmckee --- ex-moderator kitten – 2012-04-17T18:11:04.140
@Can'tTell having root access to a system is traditionally a very high responsibility. On a private home system, absolutely nobody but you should ever have access to your root account. Distros like Ubuntu take the extra step of disabling direct root access, and the only way to "get root" is via sudo. I think this is a very reasonable approach. – mkaito – 2012-04-18T14:11:01.200
I can comment on how it is on Windows: Administrator users don't have all rights per se, but they have the right to acquire all rights, so at least here it would be kind of impossible. – sinni800 – 2012-05-14T18:38:43.963