How can a new user be given write/chmod permissions to a single file and write/chmod permissions for that...












0















I have a friend (with root access) that wants to prevent himself from having write access to /etc/hosts. I'm wondering if he can create a new user, give me the passcode for that new user, grant that new user write permissions for the file and then remove write permissions and chmod permissions for that file from root. Is something like this or something similar in effect possible?






root chmod







share|improve this question























  • If it's a case of blocking access to web/internet hosts via /etc/hosts another possibility is to use something like OpenDNS - which you can set at the router. There are relatively easy workarounds, but that's true for /etc/hosts entries too.

    – pbhj
    Jan 3 at 16:49
















0















I have a friend (with root access) that wants to prevent himself from having write access to /etc/hosts. I'm wondering if he can create a new user, give me the passcode for that new user, grant that new user write permissions for the file and then remove write permissions and chmod permissions for that file from root. Is something like this or something similar in effect possible?






root chmod







share|improve this question























  • If it's a case of blocking access to web/internet hosts via /etc/hosts another possibility is to use something like OpenDNS - which you can set at the router. There are relatively easy workarounds, but that's true for /etc/hosts entries too.

    – pbhj
    Jan 3 at 16:49














0












0








0








I have a friend (with root access) that wants to prevent himself from having write access to /etc/hosts. I'm wondering if he can create a new user, give me the passcode for that new user, grant that new user write permissions for the file and then remove write permissions and chmod permissions for that file from root. Is something like this or something similar in effect possible?






root chmod







share|improve this question














I have a friend (with root access) that wants to prevent himself from having write access to /etc/hosts. I'm wondering if he can create a new user, give me the passcode for that new user, grant that new user write permissions for the file and then remove write permissions and chmod permissions for that file from root. Is something like this or something similar in effect possible?






root chmod




root chmod






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Jan 3 at 15:55









BlandCorporationBlandCorporation

283414




283414













  • If it's a case of blocking access to web/internet hosts via /etc/hosts another possibility is to use something like OpenDNS - which you can set at the router. There are relatively easy workarounds, but that's true for /etc/hosts entries too.

    – pbhj
    Jan 3 at 16:49



















  • If it's a case of blocking access to web/internet hosts via /etc/hosts another possibility is to use something like OpenDNS - which you can set at the router. There are relatively easy workarounds, but that's true for /etc/hosts entries too.

    – pbhj
    Jan 3 at 16:49

















If it's a case of blocking access to web/internet hosts via /etc/hosts another possibility is to use something like OpenDNS - which you can set at the router. There are relatively easy workarounds, but that's true for /etc/hosts entries too.

– pbhj
Jan 3 at 16:49





If it's a case of blocking access to web/internet hosts via /etc/hosts another possibility is to use something like OpenDNS - which you can set at the router. There are relatively easy workarounds, but that's true for /etc/hosts entries too.

– pbhj
Jan 3 at 16:49










1 Answer
1






active

oldest

votes


















1














Nope, the root user can not possibly be restricted. If you have root access, you can do everything and also revert all kinds of protections one could think of.



Besides, you should normally not directly use the root account anyway but log in as regular user and use sudo to run single commands with elevated permissions. This also helps preventing some accidental changes, compared to always operating in a root shell.



To further protect against accidental modification, you could make the file immutable using 



sudo chattr +i /etc/hosts


to prevent modifications by everybody, including root and system processes (which might be something that could cause trouble depending on the file and what you're doing with it). But still, root can lift that protection again.



To sum it up, with great powers (root login or sudo access) comes great responsibility. If your friend thinks they must be prevented from altering system files like that, they should not have administrative access to the machine.






share|improve this answer
























  • Perhaps I've misread the situation but it's worth noting that modifications will be recorded, that the system can be set to log sudo commands; you could have off-site journals to get around local modification of log files, but it starts getting super convoluted IMO. (Maybe point a private webcam at the computer.)

    – pbhj
    Jan 3 at 16:54











  • An excellent, concise answer that covers all the bases. This is the right way to look at the problem.

    – user535733
    Jan 3 at 17:02













Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1106625%2fhow-can-a-new-user-be-given-write-chmod-permissions-to-a-single-file-and-write-c%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









1














Nope, the root user can not possibly be restricted. If you have root access, you can do everything and also revert all kinds of protections one could think of.



Besides, you should normally not directly use the root account anyway but log in as regular user and use sudo to run single commands with elevated permissions. This also helps preventing some accidental changes, compared to always operating in a root shell.



To further protect against accidental modification, you could make the file immutable using 



sudo chattr +i /etc/hosts


to prevent modifications by everybody, including root and system processes (which might be something that could cause trouble depending on the file and what you're doing with it). But still, root can lift that protection again.



To sum it up, with great powers (root login or sudo access) comes great responsibility. If your friend thinks they must be prevented from altering system files like that, they should not have administrative access to the machine.






share|improve this answer
























  • Perhaps I've misread the situation but it's worth noting that modifications will be recorded, that the system can be set to log sudo commands; you could have off-site journals to get around local modification of log files, but it starts getting super convoluted IMO. (Maybe point a private webcam at the computer.)

    – pbhj
    Jan 3 at 16:54











  • An excellent, concise answer that covers all the bases. This is the right way to look at the problem.

    – user535733
    Jan 3 at 17:02


















1














Nope, the root user can not possibly be restricted. If you have root access, you can do everything and also revert all kinds of protections one could think of.



Besides, you should normally not directly use the root account anyway but log in as regular user and use sudo to run single commands with elevated permissions. This also helps preventing some accidental changes, compared to always operating in a root shell.



To further protect against accidental modification, you could make the file immutable using 



sudo chattr +i /etc/hosts


to prevent modifications by everybody, including root and system processes (which might be something that could cause trouble depending on the file and what you're doing with it). But still, root can lift that protection again.



To sum it up, with great powers (root login or sudo access) comes great responsibility. If your friend thinks they must be prevented from altering system files like that, they should not have administrative access to the machine.






share|improve this answer
























  • Perhaps I've misread the situation but it's worth noting that modifications will be recorded, that the system can be set to log sudo commands; you could have off-site journals to get around local modification of log files, but it starts getting super convoluted IMO. (Maybe point a private webcam at the computer.)

    – pbhj
    Jan 3 at 16:54











  • An excellent, concise answer that covers all the bases. This is the right way to look at the problem.

    – user535733
    Jan 3 at 17:02
















1












1








1







Nope, the root user can not possibly be restricted. If you have root access, you can do everything and also revert all kinds of protections one could think of.



Besides, you should normally not directly use the root account anyway but log in as regular user and use sudo to run single commands with elevated permissions. This also helps preventing some accidental changes, compared to always operating in a root shell.



To further protect against accidental modification, you could make the file immutable using 



sudo chattr +i /etc/hosts


to prevent modifications by everybody, including root and system processes (which might be something that could cause trouble depending on the file and what you're doing with it). But still, root can lift that protection again.



To sum it up, with great powers (root login or sudo access) comes great responsibility. If your friend thinks they must be prevented from altering system files like that, they should not have administrative access to the machine.






share|improve this answer













Nope, the root user can not possibly be restricted. If you have root access, you can do everything and also revert all kinds of protections one could think of.



Besides, you should normally not directly use the root account anyway but log in as regular user and use sudo to run single commands with elevated permissions. This also helps preventing some accidental changes, compared to always operating in a root shell.



To further protect against accidental modification, you could make the file immutable using 



sudo chattr +i /etc/hosts


to prevent modifications by everybody, including root and system processes (which might be something that could cause trouble depending on the file and what you're doing with it). But still, root can lift that protection again.



To sum it up, with great powers (root login or sudo access) comes great responsibility. If your friend thinks they must be prevented from altering system files like that, they should not have administrative access to the machine.







share|improve this answer












share|improve this answer



share|improve this answer










answered Jan 3 at 16:07









Byte CommanderByte Commander

63.7k26173292




63.7k26173292













  • Perhaps I've misread the situation but it's worth noting that modifications will be recorded, that the system can be set to log sudo commands; you could have off-site journals to get around local modification of log files, but it starts getting super convoluted IMO. (Maybe point a private webcam at the computer.)

    – pbhj
    Jan 3 at 16:54











  • An excellent, concise answer that covers all the bases. This is the right way to look at the problem.

    – user535733
    Jan 3 at 17:02





















  • Perhaps I've misread the situation but it's worth noting that modifications will be recorded, that the system can be set to log sudo commands; you could have off-site journals to get around local modification of log files, but it starts getting super convoluted IMO. (Maybe point a private webcam at the computer.)

    – pbhj
    Jan 3 at 16:54











  • An excellent, concise answer that covers all the bases. This is the right way to look at the problem.

    – user535733
    Jan 3 at 17:02



















Perhaps I've misread the situation but it's worth noting that modifications will be recorded, that the system can be set to log sudo commands; you could have off-site journals to get around local modification of log files, but it starts getting super convoluted IMO. (Maybe point a private webcam at the computer.)

– pbhj
Jan 3 at 16:54





Perhaps I've misread the situation but it's worth noting that modifications will be recorded, that the system can be set to log sudo commands; you could have off-site journals to get around local modification of log files, but it starts getting super convoluted IMO. (Maybe point a private webcam at the computer.)

– pbhj
Jan 3 at 16:54













An excellent, concise answer that covers all the bases. This is the right way to look at the problem.

– user535733
Jan 3 at 17:02







An excellent, concise answer that covers all the bases. This is the right way to look at the problem.

– user535733
Jan 3 at 17:02




















draft saved

draft discarded




















































Thanks for contributing an answer to Ask Ubuntu!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1106625%2fhow-can-a-new-user-be-given-write-chmod-permissions-to-a-single-file-and-write-c%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Quarter-circle Tiles

Image
up vote 0 down vote favorite I have $99$ identical square tiles, each with a quarter-circle drawn on it like this: [asy] size(1.5cm); draw(Arc((2,0),1,90,180),red+1); draw((0,0)--(2,0)--(2,2)--(0,2)--(0,0)); [/asy] When I arrange the tiles in a $9times 11$ rectangular grid, each with a random orientation, what is the expected value of the number of full circles I form? I think this problem has to do with finding the chance any given 2x2 square has a circle, but I can't find it. expected-value share | cite | improve this question asked Nov 20 at 15:03 6minecraftninja 1 2
Read more

build a pushdown automaton that recognizes the reverse language of a given pushdown automaton?

Image
0 I think it's similiar to NFAs. I replace the finite states of the given automaton for start-states for my new automaton. I do it with $epsilon$ -transition from the start state to the actual finite states of the given automaton. The start state of the given automaton will be my accepting(finite) state of my new one. All transitions will be reversed of course to recognize the reversed word. But how do I have to change the stack of the pushdown automaton? That's tricky. formal-languages automata context-free-grammar share | cite | improve this question edited Nov 29 '18 at 14:20 joee
Read more

Mont Emei

Image
Mont Emei.mw-parser-output .entete.map{background-image:url("//upload.wikimedia.org/wikipedia/commons/7/7a/Picto_infobox_map.png")} Vue du sommet Wanfo du mont Emei Géographie Altitude 3 099  m , Wanfo Coordonnées 29° 31′ 11″ nord, 103° 19′ 57″ est Administration Pays   Chine Province Sichuan Ville-préfecture Leshan Géolocalisation sur la carte : Sichuan Mont Emei Géolocalisation sur la carte : Chine Mont Emei modifier   Paysage panoramique du mont Emei, incluant le paysage panoramique du grand Bouddha de Leshan *   Patrimoine mondial de l'UNESCO Passerelle en bois sur le versant ouest Pays   Chine Subdivision Sichuan Type Mixte Critères (iv) (vi) (x) Superficie 15 400 ha Numéro d’identification 779 Zone géographique Asie et Pacifique  ** Année d’inscription 1996 (20 e session) * Descriptif officiel UNESCO ** Classification géog
Read more