[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Permissions on NFS mounts

On Thu, Dec 10, 2020 at 04:48:36PM +0300, Reco wrote:
I just like to remind you the original question:

Is there a way to put an account "beyond use", in any way including su,
sudo etc,

*In any way* includes the way I've described above IMO.

So you're asking if there's a way to prevent someone from using sudo to do something sudo has been specifically configured to do? Kind of a weird question, IMO. If you don't want to allow someone to sudo to a particular user then...don't configure sudo to allow them to do that.

Also worth pointing out that having a passwd entry isn't even relevant to whether root can setuid. At some point if you've provided enough rope then setting a bunch of artificial constraints for the sake of argument is just a waste of time.

# id
uid=0(root) gid=0(root) groups=0(root)
# id 1234
id: ‘1234’: no such user
# python3 -c 'import os; os.setuid(1234); os.execl("/bin/bash", "bash")'
$ id
uid=1234 gid=0(root) groups=0(root)

Reply to: