On an Ubuntu workstation with multiple profiles, how do you limit root access to specific profiles.
Asked
Active
Viewed 2,798 times
2 Answers
1
You can limit root access in several ways:
- You can configure sudo to allow access to only some, but not all commands. Take care with this as sometimes this may allow shell access (for example running vim as root with sudo -> vim will then allow shell access).
For details see https://www.sudo.ws/man/sudoers.man.html, there are entire sections on how to configure sudo to allow access to a limited set of commands, by user, by group, and by alias.
- You can limit root with apparmor.
See discussions on Simple & easy way to jail users and http://blog.bodhizazen.com/linux/shared-ssh-sessions-update-for-jaunty-ubuntu-904/
If you have a specific problem with either method, revise your question or better ask a more specific question.
On other systems you can limit root with similar tools such as selinux - see http://www.engardelinux.org/ Engarde Linux restricts root with selinux ;)
- You can restrict access to data via encryption.
Panther
- 104,528
0
Only users inside of the sudo group can use it.
If you don't want users to be able to use root commands, you can delete them from the group sudo with deluser user sudo
