33

I am sharing my personal Ubuntu PC with one of my colleagues.

I created another user with a different password (he knows of course) and added it to the sudoer list.

Given that there are two sudo users in a single Ubuntu system:

  • Are the private files (specified by owners and permissions) of any of these users still private?

  • Can I modify my colleague's files via sudo command, even sudo su, or vice versa?

hat
  • 233

6 Answers

51

If your colleague is in the sudoers list he is root as much as you if he wants it (and he can impersonate you too), and then he can see everything.

This is the worst setup you can have if you want user privacy. You should definitely read into how user management on Linux works. Here are a few articles you can start with:

And even then, if someone has physical access to the machine in question, there is no privacy: he could drop into a root shell at boot and see everything no matter what, and if this were password protected he could still use a USB stick and get in that way.

So best thing in that case is proper user management, password for root, and encrypted drive and/or encrypted home directories.

Videonauth
  • 33,815
19

A simple alternative is to keep your private data in an encrypted file (could be a tar archive file, that you encrypt, for example with gpg). You must remember to overwrite and remove the clear text files after looking at them.

Another alternative for all of you who share a computer and sudo (root) access is to use encrypted home and encrypted swap.

But this will not help, if you are logged in at the same time. As a matter of fact you have to reboot the computer to get rid of your files in clear text format even with encrypted home.


In general security is very difficult, and a single user system with encrypted disk (LVM with encryption) would be the simplest way to keep things secure.

  • Do not store sensitive private data in a shared computer
  • Do not store private data in a computer that belongs to your employer
sudodus
  • 47,684
8

Once you are able to get root permissions (e.g. using sudo, su, etc.), you have full access to every file on the system.

So both of the users who have sudo permission, and can become root using sudo bash, will have full access to every file on the system.

According to this Q&A in SE-Security: You might be able to modify SELinux (which isn't Ubuntu) in order to limit root access:

If your question is "can I easily and safely do this now?" the answer is no. If your answer is "I am prepared to learn about SELinux, get down and dirty with my distribution and put up with quite a lot of things not working" the answer is it is possible to constrain root much more than your average install. That said, this does not in any way make you invulnerable to exploits - it does not make it impossible for a user to circumvent this extra access control either in software or physically.

Yaron
  • 13,453
5

To make what the other answers already stated perfectly clear: That other user is not only "root as much as you" (Videonauth's answer), they can also become you (switch to your user account).

This is because with superuser privileges, one can switch to any account.

You probably know

sudo su

which is one option of opening a root shell if root does not have a password set (so you can't just log in as root directly).

su is short for "switch user". What user does it switch to? None is stated, right? But from the man page, we can learn that:

Invoked without a username, su defaults to becoming the superuser.

So this effectively is

sudo su root

if you didn't rename root to something else.

If you just run su <someuser>, you will be prompted for a password. So if you run su root, you're prompted for root's password (which doesn't exist in Ubuntu by default, so you can't log in (note that no password being set means there is no means of logging in via a password which is different from the password being the empty string)). But if you run sudo su root, you're prompted for your own password. And you're only prompted for it by sudo. Once sudo received your password, it runs the command it received as parameters with superuser privileges. As one is able to switch to any account when having superuser privileges, a password prompt is not necessary.

So by executing

sudo su <yourusername>

, the other sudoer can log in as you.

UTF-8
  • 5,910
  • 10
  • 34
  • 68
3

It is possible to limit the programs that can be run using sudo privilege escalation by editing the sudoers file (/etc/sudoers).

See the accepted answer to this question on Super User for further details and also here on Unix and Linux. See the answer by slm for a suggestion on limiting privileges in /etc/sudoers.

Also check the sudoers man page by typing man sudoers and don't forget to test it out. Remember that with unfettered sudo access a user can fully impersonate any other user. E.g., if user foo were to run the command

sudo su - bar

they would then be able to act as user bar, with all that user's privileges.

Zanna
  • 72,312
charmer
  • 49
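
An added example (not part of the answer above, and not code from sudo itself): a small Python audit of sudoers-style rules that reports which accounts still have unrestricted or shell-equivalent access after commands have been limited. The sample rules and the users alice and bob are constructed, and the parser assumes one rule per line with no aliases or line continuations.

```python
import re

# Constructed sample, not taken from any real system. "alice" and "bob" are
# hypothetical users; the %sudo line is the form Ubuntu ships by default.
SAMPLE_SUDOERS = """\
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
alice   ALL=(root) /usr/bin/apt update, /usr/bin/systemctl restart cups
bob     ALL=(root) NOPASSWD: /usr/bin/apt update, /bin/su
"""

# Commands that hand over a full shell as the target user (su and bash are
# the ones the answers on this page mention).
SHELL_EQUIVALENT = {"su", "bash", "sh"}

RULE = re.compile(r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*"
                  r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$")
TAG = re.compile(r"^(?:[A-Z_]+:\s*)+")  # strips tags such as NOPASSWD:


def audit_sudoers(text):
    """Return {principal: (verdict, commands)} for each user/group rule."""
    findings = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, comments/includes, Defaults and alias definitions.
        if not line or line[0] in "#@" or line.startswith("Defaults") \
                or re.match(r"^(User|Runas|Host|Cmnd)_Alias\b", line):
            continue
        m = RULE.match(line)
        if not m:
            continue
        cmds = [TAG.sub("", c.strip()) for c in m["cmds"].split(",") if c.strip()]
        binaries = {c.split()[0].rsplit("/", 1)[-1] for c in cmds}
        if "ALL" in cmds:
            verdict = "unrestricted"      # same as being root
        elif binaries & SHELL_EQUIVALENT:
            verdict = "shell-equivalent"  # one command away from root
        else:
            verdict = "restricted"
        findings[m["who"]] = (verdict, cmds)
    return findings


if __name__ == "__main__":
    for who, (verdict, cmds) in audit_sudoers(SAMPLE_SUDOERS).items():
        print(f"{who:8} {verdict:17} {', '.join(cmds)}")
```

A "restricted" verdict only means the rule has no ALL and no listed shell; any permitted command that can spawn a subprocess or write arbitrary files still needs manual review.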
0

Previous answers don't fully apply if you selected "encrypt home folder" while installing Ubuntu. This guarantees encrypted home folders for every user, so even root can't read the data without the proper password of the user/owner of that home folder. Your colleague would need to change your password to read the files, which would be noticed.

And of course people are right that sharing machines with valuable or sensitive data on them, and on top of that sharing root access with colleagues, is not a good idea.

Depending on the value of this data, I'd suggest asking for your own machine.

s1mmel
  • 2,124