Prevent write access for root in home directories

1

Is there a Linux distribution that prevents root user from modifying/deleting files/directories in another user's home? I came across tools that allow the home directory to be encrypted. But I want other users to be able to read the files but not modify or delete them.

If this is not possible in Linux, does any of you know of any other OS that allows this?

Can't Tell

Posted 2012-04-17T13:49:53.020

Reputation: 221

8 – That kinda defeats the purpose of having a root user. Can you elaborate why you'd want that? – slhck – 2012-04-17T13:54:18.143

@slhck since the files in a user account won't interfere with others' usage of the system, I don't see why this can be a problem. The root account can be used for common operations like installing software to be used by everyone. – Can't Tell – 2012-04-17T14:00:27.743

1 – Why do you want root to not be able to delete files in another user's home? This is the point of root user, to have access to all the files. – Renan – 2012-04-17T14:06:54.180

@Renan But doesn't that compromise privacy? – Can't Tell – 2012-04-17T14:11:07.887

1 – @Can'tTell Yes, this is why you need to be careful with the root login. – Renan – 2012-04-17T14:11:40.507

In principle this should be possible with access control lists enabled and no root user (i.e. you set up specific administration users for various functions but no account with uid 0), but it would require very careful construction and would probably be a maintenance nightmare. – dmckee --- ex-moderator kitten – 2012-04-17T18:11:04.140

@Can'tTell having root access to a system is traditionally a very high responsibility. On a private home system, absolutely nobody but you should ever have access to your root account. Distros like Ubuntu take the extra step of disabling direct root access, and the only way to "get root" is via sudo. I think this is a very reasonable approach. – mkaito – 2012-04-18T14:11:01.200

I can comment on how it is on Windows: Administrator users don't have all rights per se, but they have the right to acquire all rights, so at least here it would be kind of impossible. – sinni800 – 2012-05-14T18:38:43.963

Answers

5

You are asking the wrong question if you want an answer other than "No" - root cannot be hindered from doing anything (including changing permissions, but can *deity* set permissions so strict that even it can't bypass them?).

What you probably want is to be able to give out some administrative privileges (installing programs and such) to users without making them almighty on the system. For this you can use e.g. sudo with restrictions on a user/group level.

Daniel Andersson

Posted 2012-04-17T13:49:53.020

Reputation: 20 465

Thanks for your answer. Is it possible (by editing the sudoers file) to allow a user (other than root) to do everything that root can do but not modify other users' files? – Can't Tell – 2012-04-17T16:25:20.420

@Can'tTell: It's difficult to say "no" without being comfortable with every aspect of a program, but: no. sudo is used as a white list (allow specific applications to be used) and not a black list (deny specific operations), and what happens with the white list is that those programs are run with root privileges. If you want users to be able to e.g. install programs: allow apt-get or aptitude or what you use. Often one writes wrapper scripts that are allowed sudo privileges to be able to control access. It's a never-ending topic in itself, though, not fit for these comment boxes. – Daniel Andersson – 2012-04-17T17:42:25.433
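As an added illustration of the whitelist approach described in this answer and its comment (example code, not written by the answer's author): a sudoers drop-in that lets members of an assumed group `pkgadmins` run only the package manager as root. The target directory defaults to `/etc/sudoers.d`; the usage at the bottom writes to a temporary directory so the result can be inspected without root.

```shell
#!/bin/sh
# Added example: write a whitelist-style sudoers drop-in.
# Group name "pkgadmins" and the apt-get/aptitude paths are assumptions.

# write_pkgadmin_rule [DIR]
#   Creates DIR/pkgadmins (DIR defaults to /etc/sudoers.d).
write_pkgadmin_rule() {
    dir=${1:-/etc/sudoers.d}
    out="$dir/pkgadmins"
    cat > "$out" <<'EOF'
# Whitelist: the only commands members of pkgadmins may run as root.
Cmnd_Alias PKG = /usr/bin/apt-get, /usr/bin/aptitude
%pkgadmins ALL = (root) PKG

# A blacklist like the following does NOT restrict anything:
#   %pkgadmins ALL = (root) ALL, !/bin/rm
# Every permitted command already runs with full root privileges, so any of
# them (editors, shells, package hooks) can still remove or rewrite files.
EOF
    # sudo skips drop-ins that are writable by group/others, so fix the mode.
    chmod 0440 "$out"
}

# check_rule FILE
#   Syntax-checks a drop-in with visudo; run this as root on the real path
#   before relying on it. Returns visudo's status, or 0 when visudo is absent.
check_rule() {
    if command -v visudo >/dev/null 2>&1; then
        visudo -c -f "$1"
    fi
}

# Usage with a constructed temporary directory instead of /etc/sudoers.d:
demo_dir=$(mktemp -d)
write_pkgadmin_rule "$demo_dir"
cat "$demo_dir/pkgadmins"
```

Even with a strict whitelist, a permitted program that can launch other programs effectively hands out full root; that is why the comment above points at wrapper scripts rather than the raw package manager.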

2

The root user can modify anything in any user's home, this is by design.

To have users be able to read, but not modify files, you will have to use groups and give the files read-only group permission. An example, which illustrates your use case, is available from here:

Renan

Posted 2012-04-17T13:49:53.020

Reputation: 7 463

But I want to prevent the root user from deleting/modifying files in user home as well. – Can't Tell – 2012-04-17T14:08:01.260

1 – @Can'tTell this is not possible, by design the root user has access to modify/delete all he wants. Doing otherwise sort of defeats the point of a root user. – Renan – 2012-04-17T14:09:14.207
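The group-based read-only setup this answer refers to, as an added worked example (not the answer author's code): directories get mode 2750 (owner full, group traverse and list, setgid so new files inherit the group), files get 640. It assumes GNU coreutils (`stat -c`) and is run here on a constructed temporary tree with the caller's own primary group.

```shell
#!/bin/sh
# Added example: share a directory read-only with one group.
# Root is unaffected by these mode bits; this only restricts other users.

# share_readonly DIR GROUP
#   DIR   - directory tree to share
#   GROUP - group that gets read access (chgrp is skipped if not permitted,
#           e.g. when run as an unprivileged user with a foreign group)
share_readonly() {
    dir=$1
    group=$2
    chgrp -R "$group" "$dir" 2>/dev/null || true
    # Directories: owner rwx, group r-x, others nothing; setgid bit (2xxx)
    # makes files created later inherit the directory's group.
    find "$dir" -type d -exec chmod 2750 {} +
    # Files: owner rw-, group r--, others nothing.
    find "$dir" -type f -exec chmod 640 {} +
}

# grant_user_read DIR USER
#   Per-user variant with POSIX ACLs (assumes the acl tools are installed):
#   lets one extra user read the tree without adding them to the group.
grant_user_read() {
    command -v setfacl >/dev/null 2>&1 || { echo "setfacl not installed" >&2; return 1; }
    setfacl -R -m "u:$2:rX" "$1"            # rX: read, and execute only on dirs
    setfacl -R -d -m "u:$2:rX" "$1"         # default ACL for new entries
}

# mode PATH -> octal permission bits, e.g. 2750 (GNU stat)
mode() { stat -c '%a' "$1"; }

# Usage on a constructed tree owned by the current user:
demo_dir=$(mktemp -d)
mkdir "$demo_dir/notes"
echo "hello" > "$demo_dir/notes/a.txt"
share_readonly "$demo_dir" "$(id -gn)"
mode "$demo_dir"; mode "$demo_dir/notes/a.txt"   # prints 2750 then 640
```

A group member can `cat` and `ls` the tree but gets "Permission denied" on write or delete; the owner keeps full access, and root ignores all of it, which is the point made in the comment above.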

0

If you change your /home directory to be an NFS mount instead, you can use the root_squash option to have the root user on the local box map to an anonymous user on the NFS server. This would prevent root on your box from being able to modify the files in /home.

However, while root can never modify other users' files on the NFS server, beware that there are malicious things that root could still do. For example root could unmount /home and replace it with a seemingly duplicate /home that it could write to. It could also mount a fake filesystem over the top of another user's home directory that it could also write to. While the original files would still be safe and untouched on the NFS server, your users won't know how to look for this trickery and you might run into whatever problem you were trying to avoid.

Tim Ace

Posted 2012-04-17T13:49:53.020

Reputation: 1
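As an added example built on this answer (not the answer author's code): the server-side `root_squash` export line, and a client-side check for the trick the answer warns about, namely something mounted on top of a user's home. The check parses a mountinfo table in the format of `/proc/self/mountinfo` and reports every mount point at or below `/home` whose filesystem type is not NFS. The export path, client subnet and the sample mount table are constructed for the example.

```shell
#!/bin/sh
# Added example. On the NFS server, /etc/exports would carry a line such as
# (path and subnet are assumptions):
#   /export/home  192.0.2.0/24(rw,sync,root_squash)
# root_squash is the default in exports(5); no_root_squash disables it.

# stacked_home_mounts [MOUNTINFO_FILE] [HOME_ROOT]
#   Reads a mountinfo table (default: the live /proc/self/mountinfo) and
#   prints "<mountpoint> <fstype> <source>" for each mount under HOME_ROOT
#   (default /home) that is not an NFS filesystem.
stacked_home_mounts() {
    file=${1:-/proc/self/mountinfo}
    home=${2:-/home}
    awk -v home="$home" '
        {
            # fields after the lone "-" separator: fstype, source, super options
            for (i = 7; i <= NF; i++)
                if ($i == "-") { fstype = $(i + 1); src = $(i + 2); break }
            mp = $5
            if ((mp == home || index(mp, home "/") == 1) && fstype !~ /^nfs/)
                print mp, fstype, src
        }' "$file"
}

# Constructed sample table: /home is an NFS mount, but a tmpfs has been
# mounted over alice's home directory.
sample_mountinfo() {
    cat <<'EOF'
21 1 0:20 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
40 21 0:35 / /home rw,relatime shared:2 - nfs4 fileserver:/export/home rw,vers=4.2
41 40 0:36 / /home/alice rw,relatime shared:3 - tmpfs tmpfs rw
EOF
}

sample_file=$(mktemp)
sample_mountinfo > "$sample_file"
stacked_home_mounts "$sample_file"      # prints: /home/alice tmpfs tmpfs
```

Run without arguments on a real client it inspects the live mount table; an empty result means nothing non-NFS is mounted beneath `/home`. It cannot tell whether an NFS mount points at the right server, so comparing the reported source against the expected `server:/export` string is the natural second check.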