I have a spare computer running as a small server doing various things, and I'd like to create another account for my cousin, so she can learn how do manage a server/run minecraft etc. I'd like to give her sudo privileges, but I was wondering if it's possible to disallow the use of the passwd utility, so she can't change my password (accidentally or intentionally)?
Asked
Active
Viewed 103 times
1
2 Answers
4
Create a virtual machine, and have her log in to and use that. She can have complete root access within the VM, without affecting the host at all.
Greg Hewgill
- 7,053
- 2
- 32
- 34
-
good suggestion! using a VM in this way would provide a good learning environment. – Tim Kennedy Jun 16 '14 at 22:51
1
If you give your cousin sudo privileges for execute any commands she has superuser privileges and can do anything with system.
Right solutions - give sudo only for minimum required commands (for example vi /etc/init.d/minecraft оr /usr/bin/netstat). But remember, that many harmless commands (example less or find) allow to execute over commands.
If you don't want configure /etc/sudoers and just want protected from fool you can use some 'workaround':
- delete or move /usr/bin/passwd
- restore /etc/shadow from backup every 5 minutes by cron
- add in root .bachrc
alias passwd='echo Nonono'
mr_tron
- 364
vi /etc/shadow, or edit the sudo config file, or just break everthing ). However it can stop accidental usage, but what other command must you stop accidents on. – ctrl-alt-delor Jun 16 '14 at 22:42