I have created a file which resides inside my directory on a unix server. People have sudo privileges. How can I restrict them to read that file (even when they have sudo previleges) ?
Asked
Active
Viewed 278 times
2 Answers
2
Providing sudo
access does not have to equate to:
giving the keys to the kingdom.
Just don't be so generous with your sudoers
permissions.
If you want them to just have access to read a file, provide only sudo
access to cat
.
Also, be careful of granting sudo
access to apps like vim
or less
, which allow you to drop into a shell (as root).

Paul Calabro
- 530
-
1
-
-
1
-
Whoa! Just tried it. Did not know about! [spine chill] Thanks for the heads up! – Paul Calabro Jan 13 '16 at 17:39
1
SELinux would be a way to do this -> https://en.wikipedia.org/wiki/Security-Enhanced_Linux
By definition, root has access to everything, so you won't have much luck otherwise, I'm afraid.

mikeb
- 328
sudoers
file? – Paul Calabro Jan 13 '16 at 15:52sudo chattr +i file
and hope that none of them know how to undo it. – 123 Jan 13 '16 at 16:01