Is there a way to create a "superadmin", i.e. a root user which can't be removed or whose permissions can't be changed by other root users?

Question

Let's say a Unix system has two root users.

Is it possible to prevent one of these root users from removing this user and to protect the ssh key access removal?

The goal is to ensure if a user is given root access, they are unable to remove the primary root user (i.e. the user which is responsible for the system to work correctly) while allowing each root user to install packages, changing file permissions etc. (but without them being able to affect the "sysadmin" or from removing them from the system)

I know we can create users with specific permissions (even if not root), but the scope of the question is users with full system access.

Why wouldn't you set up sudo then if a set of commands they are allowed to use? — Mark Scheck, Sep 29 '20 at 12:26

Chris Davies · Answer 1 · 2020-09-29T14:00:53.520

If an account has full system access then by definition you cannot stop it from doing anything it chooses.

You could theoretically write a kernel module that mediated attempts to change anything underneath /root on the root filesystem, and also refused to allow itself to be uninstalled, but there are still ways around this. Rebooting with a Rescue CD, for example, would bypass such a kernel module entirely.

Another solution might be a virtual machine having a root filesystem that reset itself to a known state each time it booted. This could be managed outside the context of the VM itself, and so unchangeable by any account inside it. You still wouldn't be able to prevent a root account inside the VM from changing things, but it probably wouldn't matter as you'd simply reset them on the next restart.

thank you. It's a cloud set up so I don't think it can be bypassed and also wouldn't resetting the file system means any change made by anyone? — dragonmnl, Sep 30 '20 at 08:55

score -1 · Answer 2 · answered Sep 29 '20 at 13:16

-1

By definition the root user can do anything and everything on the system, including deleting/modifying other users.

while allowing each root user to install packages, changing file permissions etc. (but without them being able to affect the "sysadmin" or from removing them from the system)

What you're probably looking for is sudo set up such a way the user can manage the system without having full access to it.

You can set up sudo to allow to run:

apt install/update/upgrade/remove/purge
chown/chmod but only for certain directories/files
useradd/userdel/groupadd/groupdel

Another idea is to use virtualization (full or light, e.g. LXC/linux containers) and allow the user to have full access to a guest OS.

answered Sep 29 '20 at 13:16

Artem S. Tashkinov

29,025

Not sure why your answer was downvoted. It seems reasonable to me if it's actually possible (customizing sudo behavior). How do you customize sudo to run only specific commands and only on specific directories as you suggested? – dragonmnl Sep 30 '20 at 08:56
@dragonmnl I've noticed there are people here on unix stackexchange who keep downvoting me because I happen to have quite unpopular yet reasonable opinions about Linux. Speaking of your question, here's how it can be approached: https://unix.stackexchange.com/a/44561 https://serverfault.com/a/281652 – Artem S. Tashkinov Sep 30 '20 at 10:04

Is there a way to create a "superadmin", i.e. a root user which can't be removed or whose permissions can't be changed by other root users?

2 Answers2