Restrict Roots permissions

Question

Is it possible to restrict what Root can do so that a user can not sudo a command or log in as root and run commands? I would like to change Roots and User1's Read, Write, and Execute permissions on /path/to/directory and all of its contents. But then give MyAdmin permission to modify that path. It would be great if only MyAdmin could change who can access or change the Read, Write, and Execute permissions of this path as well. Is this possible?

It would also be nice if User1 could still run commands like sudo apt get update but not sudo rm /path/to/dirctory

score 5 · Answer 1 · answered Dec 10 '21 at 05:06

5

You cannot restrict what root can do. Root can do anything and everything.

Be careful when deciding who you give root or sudo access.

answered Dec 10 '21 at 05:06

Nmath

12,664

score -2 · Answer 2 · edited Dec 10 '21 at 11:58

If you want to handle permissions, you probably should not soly rely on the builtin user mgmt. tools.

If you are looking to restrict access for a specific purpose(application), then you could just add that app as user(group gets created automatically).

If you have a different requirement, just reply to me :}.

Btw. you can specify which users can run which commands without passwords etc.

VISIT -> BEWARE - know what you are doing

command hint: sudo visudo

Restrict Roots permissions

2 Answers2