2

Is it possible to restrict what Root can do so that a user can not sudo a command or log in as root and run commands? I would like to change Roots and User1's Read, Write, and Execute permissions on /path/to/directory and all of its contents. But then give MyAdmin permission to modify that path. It would be great if only MyAdmin could change who can access or change the Read, Write, and Execute permissions of this path as well. Is this possible?

It would also be nice if User1 could still run commands like sudo apt get update but not sudo rm /path/to/dirctory

Andrew Pullins
  • 453

2 Answers2

5

You cannot restrict what root can do. Root can do anything and everything.

Be careful when deciding who you give root or sudo access.

Nmath
  • 12,333
  • Damn... Can you create an almost root admin then? Meaning you can use NotRootUser to do ’sudo apt-get update` and other useful things? – Andrew Pullins Dec 10 '21 at 05:38
  • @AndrewPullins define "other useful things" ... often those have unintended ways of granting complete root access. – muru Dec 10 '21 at 05:43
  • I realize that was a very broad statement. I'm still a Linux noob and often get in trouble when in the terminal. Basically want to follow tutorials, that totally won't brick my OS, and install software/games. I don't really do much, but I also like to poke around Linux from time to time. I am going to stop while I am not ahead and say I don't know what I mean – Andrew Pullins Dec 10 '21 at 06:02
  • 1
    This doesn’t help with your original question, but based on your comment ‘want to follow tutorials, that totally won't brick my OS’, if you have an old computer hanging around, you can put Ubuntu on that and play without risk. I had a 12 year old desktop that wouldn’t run windows 10 anything other than glacial speed, put Ubuntu on (to play around in the terminal as you said) and it worked so well my son’s used it as his main computer for the last 2 years! Low spec hardware is so cheap that might be an option for you. – Will Dec 10 '21 at 06:18
  • 1
    You can also try things in a VM like VirtualBox. I would not recommend blindly following tutorials you find online. Never enter commands into your system until you have researched and understand what each command does and learn how to reverse it. Even then, a lot of tutorials are for different software, or they are outdated, or just plain bad. – Nmath Dec 10 '21 at 06:38
-2

If you want to handle permissions, you probably should not soly rely on the builtin user mgmt. tools.

If you are looking to restrict access for a specific purpose(application), then you could just add that app as user(group gets created automatically).

If you have a different requirement, just reply to me :}.

Btw. you can specify which users can run which commands without passwords etc.

VISIT -> BEWARE - know what you are doing

command hint: sudo visudo

terdon
  • 100,812
local-user
  • 1
  • 3
    I removed the extremely dangerous suggestion to edit /etc/sudoers directly. NEVER, ever edit that file directly. The smallest mistake can break your system. – terdon Dec 10 '21 at 11:58