0

I'm fairly new to linux and I have studied that one user can create and delete user. Suppose I logged in as root user and created two users A and B, now my question is that can user A delete user B and his home directory or vice versa using sudo deluser. If this is possible, shouldn't we consider it as a big blunder in linux. If this is not the case, suppose I log in user A and grant myself all permission on home directory of B and then delete user B or its files. Please tell me if this is possible. If yes, then how?

Improve this question

1 Answer 1

Reset to default
2

By default users can't access sudo. To use it they must be added to /etc/sudoers configuration file or to a group which is allowed access to sudo in that file. This group is usually called sudo or wheel.

Without access to sudo, they can't run sudo deluser or take ownership of files they don't own.

You can safely try it yourself in a virtual machine.

Improve this answer
15
  • 2
    Users with sudo access have root powers, ie. full access to everything in the system. If someone can run sudo, the answer to all questions is "yes". It's not a security loophole - you need such power to administer a system, for example to kick out users who abuse it. sudo access must be granted with great care.
    – gronostaj
    Commented Feb 4, 2020 at 7:44
  • 1
    I've already answered this question. sudo lets the user do everything the system is capable of.
    – gronostaj
    Commented Feb 4, 2020 at 8:42
  • 2
    That is exactly the point of sudo. Think of a situation where a user is abusing the system and hundreds of other users can't use it efficiently, but administrators can't do anything about it. System administrator must have greater power than regular users. sudo is not a toy and should only be available for users who can be trusted to make good use of it.
    – gronostaj
    Commented Feb 4, 2020 at 9:09
  • 1
    By the way, if you have physical access to a computer, you can just remove the hard drive, connect it to another computer where you have root privileges and modify that hard drive to make yourself a root there too. It's not a security loophole, it's how computers work and it's taken into consideration in the design of UNIX security model. Limiting power of sudo doesn't make sense, it would only force you to use such workarounds in emergency situations.
    – gronostaj
    Commented Feb 4, 2020 at 9:13
  • 3
    sudo is not a loophole since its scope is known and accepted. You give sudo only to trusted people. You can also instead give access to some very specific commands that require root privs. If you don't trust the people who have root access on a system with your files, then don't put your files on it.
    – xenoid
    Commented Feb 4, 2020 at 9:14

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .