Re: Permissions on NFS mounts
On Thu, Dec 10, 2020 at 04:48:36PM +0300, Reco wrote:
I just like to remind you the original question:
Is there a way to put an account "beyond use", in any way including su,
*In any way* includes the way I've described above IMO.
So you're asking if there's a way to prevent someone from using sudo to
do something sudo has been specifically configured to do? Kind of a
weird question, IMO. If you don't want to allow someone to sudo to a
particular user then...don't configure sudo to allow them to do that.
Also worth pointing out that having a passwd entry isn't even relevant
to whether root can setuid. At some point if you've provided enough rope
then setting a bunch of artificial constraints for the sake of argument
is just a waste of time.
uid=0(root) gid=0(root) groups=0(root)
# id 1234
id: ‘1234’: no such user
# python3 -c 'import os; os.setuid(1234); os.execl("/bin/bash", "bash")'
uid=1234 gid=0(root) groups=0(root)