
Let's say a Unix system has two root users.

Is it possible to prevent one of these root users from removing this user, and to protect against removal of ssh key access?

The goal is to ensure that if a user is given root access, they are unable to remove the primary root user (i.e. the user which is responsible for the system working correctly), while allowing each root user to install packages, change file permissions, etc. (but without them being able to affect the "sysadmin" or remove them from the system).

I know we can create users with specific permissions (even if not root), but the scope of the question is users with full system access.

Kusalananda
dragonmnl

2 Answers

1

If an account has full system access then by definition you cannot stop it from doing anything it chooses.

You could theoretically write a kernel module that mediated attempts to change anything underneath /root on the root filesystem, and also refused to allow itself to be uninstalled, but there are still ways around this. Rebooting with a Rescue CD, for example, would bypass such a kernel module entirely.

Another solution might be a virtual machine having a root filesystem that reset itself to a known state each time it booted. This could be managed outside the context of the VM itself, and so unchangeable by any account inside it. You still wouldn't be able to prevent a root account inside the VM from changing things, but it probably wouldn't matter as you'd simply reset them on the next restart.

Chris Davies
  • Thank you. It's a cloud setup, so I don't think it can be bypassed. Also, wouldn't resetting the file system mean any change made by anyone? – dragonmnl Sep 30 '20 at 08:55
-1

By definition the root user can do anything and everything on the system, including deleting/modifying other users.

while allowing each root user to install packages, change file permissions, etc. (but without them being able to affect the "sysadmin" or remove them from the system)

What you're probably looking for is sudo set up in such a way that the user can manage the system without having full access to it.

You can set up sudo to allow running:

  • apt install/update/upgrade/remove/purge
  • chown/chmod but only for certain directories/files
  • useradd/userdel/groupadd/groupdel

Another idea is to use virtualization (full or light, e.g. LXC/Linux containers) and allow the user to have full access to a guest OS.

  • Not sure why your answer was downvoted. It seems reasonable to me if it's actually possible (customizing sudo behavior). How do you customize sudo to run only specific commands and only on specific directories as you suggested? – dragonmnl Sep 30 '20 at 08:56
  • @dragonmnl I've noticed there are people here on unix stackexchange who keep downvoting me because I happen to have quite unpopular yet reasonable opinions about Linux. Speaking of your question, here's how it can be approached: https://unix.stackexchange.com/a/44561 https://serverfault.com/a/281652 – Artem S. Tashkinov Sep 30 '20 at 10:04
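The following is an added example of the delegation pattern the second answer describes; it is not code from the answer, the question, or the linked posts. It assumes a Debian-style apt, GNU coreutils (for realpath -m), a delegated-admin group named ops, and wrapper scripts under /usr/local/sbin; all of those names are hypothetical. The important design point is that chmod/chown and user management are not granted to sudo directly with wildcards or "!" exclusions, because those are evaded with paths like /srv/www/../../etc/passwd or with a symlink inside the allowed tree; instead a root-owned wrapper resolves the real path and checks it against an allow-list before acting, and refuses to touch protected accounts such as sysadmin.

```shell
#!/bin/sh
# Added example of sudo delegation with guarded wrappers (hypothetical names).
# Assumes: apt (Debian), GNU coreutils realpath -m, group "ops", wrappers in
# /usr/local/sbin. Wrappers must be root-owned, mode 0755, and not writable by
# members of "ops"; otherwise they would simply edit them.

ALLOWED_PREFIXES="/srv/www /var/www"   # trees the delegated admin may chown/chmod
PROTECTED_USERS="root sysadmin"        # accounts the delegated admin may not manage

# Sudoers drop-in (e.g. /etc/sudoers.d/ops). Package management goes to apt
# directly; permissions and accounts go only through the wrappers.
# Caveat: apt accepts options that run hooks as root, so even this grant is
# broader than it looks; restrict further if that matters in your setup.
generate_sudoers() {
    cat <<'EOF'
Cmnd_Alias OPS_PKG   = /usr/bin/apt update, /usr/bin/apt upgrade, /usr/bin/apt install *, /usr/bin/apt remove *, /usr/bin/apt purge *
Cmnd_Alias OPS_PERMS = /usr/local/sbin/ops-chmod, /usr/local/sbin/ops-chown
Cmnd_Alias OPS_USERS = /usr/local/sbin/ops-user
%ops ALL=(root) OPS_PKG, OPS_PERMS, OPS_USERS
EOF
}

# Returns 0 if the *resolved* path lies inside an allowed tree. realpath -m
# collapses ".." and follows symlinks in existing components, so
# "/srv/www/../../etc/shadow" and a symlink /srv/www/x -> /etc both fail.
path_allowed() {
    target=$(realpath -m -- "$1") || return 1
    for prefix in $ALLOWED_PREFIXES; do
        case "$target" in
            "$prefix"|"$prefix"/*) return 0 ;;
        esac
    done
    return 1
}

# Returns 0 if the account must not be touched by the delegated admin.
user_protected() {
    for u in $PROTECTED_USERS; do
        [ "$1" = "$u" ] && return 0
    done
    return 1
}

# Accept only octal modes; symbolic modes like "u+s" are rejected to keep the
# wrapper's policy easy to audit.
valid_mode() {
    case "$1" in
        ""|*[!0-7]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Body of /usr/local/sbin/ops-chmod: ops-chmod MODE PATH
ops_chmod() {
    valid_mode "$1" || { echo "ops-chmod: mode must be octal" >&2; return 2; }
    path_allowed "$2" || { echo "ops-chmod: refusing $2 (outside allowed trees)" >&2; return 1; }
    chmod -- "$1" "$(realpath -m -- "$2")"
}

# Body of /usr/local/sbin/ops-user: ops-user add|del NAME
ops_user() {
    user_protected "$2" && { echo "ops-user: refusing, $2 is protected" >&2; return 1; }
    case "$1" in
        add) useradd -- "$2" ;;
        del) userdel -- "$2" ;;
        *)   echo "usage: ops-user add|del NAME" >&2; return 2 ;;
    esac
}
```

Install generate_sudoers output with visudo -cf on the drop-in before enabling it, and keep the wrapper scripts and /etc/sudoers.d outside the allowed prefixes, or the chmod wrapper could be used to loosen its own permissions. This does not make the "sysadmin" account untouchable in the absolute sense the question asks for (the delegated user is no longer root at all), but it is the practical shape of "root-like, except for these things".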