
There's a 22.04.1 system of which I'm the sole user (thus root) which I'm considering leaving to someone else. There's a chance I'll take the system back, in which case it would be nice to have things the way I left them for me, but it's slim. What I'd really like is to create a role that would basically be root, with the exception that it could not lower/diminish any privilege of mine nor look in my profile folder or my settings (i.e. browser history).

Is there a way to create such a quasi-root user profile?

DynV

4 Answers


No, you can't do this.

If you give someone physical access, they can do whatever they want.

Similarly, if you add another user to sudoers they can obtain the same privileges as a root user.

Even if you could somehow do what you're asking, there's no way the device is going to be returned to you with everything exactly how it was. That's also setting quite an unrealistic expectation of whoever you're allowing to use the device.

Why don't you just make a backup or take a system image?

FYI, just because you are the sole user does not make that user root. The root login is disabled in Ubuntu by default.

Nmath

Rule one of security: If someone has physical access to a system, they control that system.

You can do all you want with fancy access control, but that’s all useless if someone else has physical access to the system. They could boot some other OS on it and access the data that way. They could remove the persistent storage device and put it in another system to access it. They could just wipe the whole system.

And this is all ignoring that nothing equivalent to what you want is easily doable on Linux. It’s technically possible to achieve something like what you’re asking for with SELinux in MCS mode, but setting it up requires a vast amount of knowledge about SELinux and Linux in general, and it’s pretty much certain to break an Ubuntu system.

The correct solution here is to do a full system image (essentially clone the disk), and then do a clean install. That way the other person cannot access any of your files (because they don’t exist on the system anymore), and if you take the laptop back you can just use the system image you created to restore it to the state it was in before you gave it to them.


This is something of a ‘background’ answer.

Others have noted that what you are looking for is infeasible, if someone has physical access. There's another reason why you can't control the privileges of a unix user, though...

Unix doesn't have ‘privileges’.

The traditional unix security model is:

  • Access to the filesystem, or filesystem-like things, is controlled by the user/group/other model.
  • ...but processes with UID 0 are exempt from checking.

That is, it's not that root has ‘high privilege’, but permissions checks are simply skipped, wholesale, for processes with UID 0. There is nothing between ‘ordinary user’ and ‘free pass to do everything’ (‘Hello, I'm root, can I...?’ – ‘Yes!’).

One exception (others mentioned this) is systems which have a MAC component, such as SELinux, or the TrustedBSD framework used in macOS amongst others (yes, Macs have MACs!). Here, access controls, with ACLs, are built into the kernel, and root/UID-0 processes are subject to those controls, just like any other. For the purposes of this answer, I'm taking those to be something of an add-on (and this is why I said ‘traditional’ above).

Another exception appears to be sudo. But that's not a way of manipulating privileges, but simply a suid-root program (ie, a userland add-on) which will let certain users create a UID-0 process... which is therefore exempt from checking. This walks and quacks like a privilege system, but it isn't really one.

Depending on your tastes, this situation is elegantly minimalist, or how-can-they-have-got-away-with-it brainless (my vote is for the former).

Other well-known systems with real privilege systems are VMS, with an intricate set of privileges and permissions (of which the only one that really mattered was SETPRV, the privilege to give yourself privileges (I never managed to get anyone to give me that bit)), or Windows which, because of its designer, inherited important parts of the VMS conceptual architecture.

(To get back to your original question, the real answer, as others have said, is to take a backup or image of the box, and restore that if and when you take back the machine).

Norman Gray
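The answer above describes the traditional model in two sentences: pick one of the owner/group/other mode triplets and compare, unless the caller is UID 0, in which case nothing is consulted at all. The following is an added illustration of that decision logic, not code from the original post or from any kernel; it models only the classic mode-bit check plus the UID-0 exemption, and leaves out the later refinements (capabilities, ACLs, MAC) the answer calls add-ons. The `Inode`, `Cred` and `may_access` names are mine.

```python
"""Model of the traditional Unix permission check (added illustration).

Only the classic user/group/other mode bits and the wholesale UID-0 bypass
are modelled. Real kernels add capabilities, POSIX ACLs and MAC on top, and
make one small exception even for root: executing a regular file needs at
least one x bit set. None of that is represented here on purpose.
"""
from dataclasses import dataclass, field

# Permission bits as they appear in each octal triplet of a mode.
R, W, X = 4, 2, 1


@dataclass(frozen=True)
class Inode:
    """The ownership and mode bits of one filesystem object (constructed)."""
    owner: int
    group: int
    mode: int  # e.g. 0o640


@dataclass(frozen=True)
class Cred:
    """The identity of the calling process: uid, primary gid, supplementary groups."""
    uid: int
    gid: int
    groups: frozenset = field(default_factory=frozenset)


def select_triplet(cred: Cred, inode: Inode) -> int:
    """Return the 3-bit triplet that applies to this caller.

    Exactly one triplet is consulted. An owner whose file is mode 0o077 is
    denied even though 'group' and 'other' would allow it: the check does
    not fall through to a more permissive class.
    """
    if cred.uid == inode.owner:
        return (inode.mode >> 6) & 7
    if cred.gid == inode.group or inode.group in cred.groups:
        return (inode.mode >> 3) & 7
    return inode.mode & 7


def may_access(cred: Cred, inode: Inode, want: int) -> bool:
    """True if a process with `cred` may perform `want` (bitmask of R/W/X).

    UID 0 returns True before any bit is looked at: there is no 'high
    privilege' level being compared, the check is simply skipped.
    """
    if cred.uid == 0:
        return True
    return (select_triplet(cred, inode) & want) == want


if __name__ == "__main__":
    # Constructed scenario: the questioner's home directory, mode 0o700.
    home = Inode(owner=1000, group=1000, mode=0o700)
    for who in (Cred(1000, 1000), Cred(1001, 1001), Cred(0, 0)):
        print(f"uid {who.uid:>4}: read={may_access(who, home, R)} "
              f"write={may_access(who, home, W)}")
```

Running the block shows the point of the answer in three lines: the owner can read and write, an ordinary second user can do neither, and UID 0 can do both without the mode ever being examined. The 0o077 case in `select_triplet` is worth trying as well, since it shows the check is a single class lookup rather than a search for any permitting bit.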

You want to both be root?

Yes, kind of. It's dirty and a bit hacky.

Add a user newuser and then move the user's entry in /etc/passwd to the top. Change the userid of newuser to 0. If you already have a home directory created, then you have to fix the permissions too with chown -R newuser: /home/newuser. Otherwise create them with the correct permissions.

Now you can connect to your server with newuser or root - both in effect being root, but not sharing a home directory.

Drawbacks:

  • Even if connected as root the system will show newuser in the prompt and file permissions.
  • There is, of course, no security whatsoever between both accounts.

You want your files to be safe from the other user?

Encrypt your home partition with a password. Then the files are unreadable, even for root. Here is an answer on how to do that with ecryptfs:

https://askubuntu.com/a/1029330/783023

And another how-to here:

https://www.linuxuprising.com/2018/04/how-to-encrypt-home-folder-in-ubuntu.html

You don't want the other user to be able to mess with your user or your files?

Well, you can't. Giving someone root access means they can delete your user and files, even if encrypted.

Giving them physical access, even if they don't have a root account, also means your user and files are not safe from deletion.

Robert Riedl
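The second-UID-0 account described in this answer is exactly what a host audit should flag, and the "prompt shows newuser" drawback follows from how the passwd file is resolved: a lookup by UID returns the first matching line, as getpwuid(3) does with the files backend. The following is an added example, not part of the original post: it parses text in /etc/passwd format, lists every account with UID 0, and reports when UID 0 no longer resolves to `root`. The sample passwd content is constructed to match the answer's recipe (newuser moved to the top with UID 0); the function names are mine.

```python
"""Audit check for extra UID-0 accounts in /etc/passwd (added example)."""
import sys
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample reproducing the answer's recipe: 'newuser' moved to the
# top of the file and given UID 0. The last line is the questioner's own account.
SAMPLE_PASSWD = """\
newuser:x:0:0:Second admin:/home/newuser:/bin/bash
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
dynv:x:1000:1000:DynV,,,:/home/dynv:/bin/bash
"""


@dataclass(frozen=True)
class PasswdEntry:
    name: str
    uid: int
    gid: int
    home: str
    shell: str


def parse_passwd(text: str) -> List[PasswdEntry]:
    """Parse passwd-format text. Each line has exactly 7 colon-separated fields."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, _pw, uid, gid, _gecos, home, shell = fields
        entries.append(PasswdEntry(name, int(uid), int(gid), home, shell))
    return entries


def uid0_accounts(entries: List[PasswdEntry]) -> List[str]:
    """Every account name whose UID is 0, in file order."""
    return [e.name for e in entries if e.uid == 0]


def name_for_uid(entries: List[PasswdEntry], uid: int) -> Optional[str]:
    """First name with the given UID: the same rule the files backend applies,
    which is why ls, ps and the shell prompt show 'newuser' instead of 'root'."""
    for e in entries:
        if e.uid == uid:
            return e.name
    return None


def audit(text: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing unusual."""
    entries = parse_passwd(text)
    roots = uid0_accounts(entries)
    findings = []
    if len(roots) > 1:
        findings.append(f"{len(roots)} accounts share UID 0: {', '.join(roots)}")
    resolved = name_for_uid(entries, 0)
    if resolved != "root":
        findings.append(f"UID 0 resolves to {resolved!r}, not 'root'")
    return findings


if __name__ == "__main__":
    # Audit the file given on the command line, or the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            source = fh.read()
    else:
        source = SAMPLE_PASSWD
    for finding in audit(source) or ["no extra UID-0 accounts"]:
        print(finding)
```

Run with no arguments it reports both findings for the constructed sample; run as `python3 audit_passwd.py /etc/passwd` it checks the real file, and on a stock Ubuntu install it should report nothing. Note that this only inspects the passwd file, so a second root created via some other NSS source (LDAP, for instance) would need the same check run against `getent passwd` output.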