On an Ubuntu workstation with multiple profiles, how do you limit root access to specific profiles.
Asked
Active
Viewed 2,468 times
0
-
"limit root" is a contradiction. Either someone has root access and can do anything or it is not a root user. You can give users more permissions though. Please explain in a bit more detail what you want. Sometimes you can limit things with passwords for instance. – Rinzwind Jan 26 '16 at 15:56
-
@Rinzwind - yes and no, you can limit a users access to root via sudo and restricting commands and via apparmor/selinux. Yes there will need to be full access as root at some level, but both apparmor and selinux are able to restrict root. You can also encrypt data which will restrict access to even root. – Panther Jan 26 '16 at 16:11
2 Answers
1
You can limit root access in several ways:
- You can configure sudo to allow access to only some, but not all commands. Take care with this as sometimes this may allow shell access (for example running vim as root with sudo -> vim will then allow shell access).
For details see https://www.sudo.ws/man/sudoers.man.html, there are entire sections on how to configure sudo to allow access to a limited set of commands, by user, by group, and by alias.
- You can limit root with apparmor.
See discussions on Simple & easy way to jail users and http://blog.bodhizazen.com/linux/shared-ssh-sessions-update-for-jaunty-ubuntu-904/
If you have a specific problem with either method, revise your question or better ask a more specific question.
On other systems you can limit root with similar tools such as selinux - see http://www.engardelinux.org/ Engarde Linux restricts root with selinux ;)
- You can restrict access to data via encryption.
Panther
- 102,067
0
Only users inside of the sudo group can use it.
If you don't want users to be able to use root commands, you can delete them from the group sudo with deluser user sudo
