I'm fairly new to Linux and I have studied that one user can create and delete users. Suppose I logged in as the root user and created two users, A and B. Now my question is: can user A delete user B and his home directory, or vice versa, using sudo deluser? If this is possible, shouldn't we consider it a big blunder in Linux? If this is not the case, suppose I log in as user A and grant myself all permissions on the home directory of B and then delete user B or its files. Please tell me if this is possible. If yes, then how?
1 Answer
By default users can't access sudo. To use it they must be added to the /etc/sudoers configuration file or to a group which is allowed access to sudo in that file. This group is usually called sudo or wheel.
Without access to sudo, they can't run sudo deluser or take ownership of files they don't own.
You can safely try it yourself in a virtual machine.
- 2 Users with sudo access have root powers, i.e. full access to everything in the system. If someone can run sudo, the answer to all questions is "yes". It's not a security loophole - you need such power to administer a system, for example to kick out users who abuse it. sudo access must be granted with great care. Commented Feb 4, 2020 at 7:44
- 1 I've already answered this question. sudo lets the user do everything the system is capable of. Commented Feb 4, 2020 at 8:42
- 2 That is exactly the point of sudo. Think of a situation where a user is abusing the system and hundreds of other users can't use it efficiently, but administrators can't do anything about it. A system administrator must have greater power than regular users. sudo is not a toy and should only be available for users who can be trusted to make good use of it. Commented Feb 4, 2020 at 9:09
- 1 By the way, if you have physical access to a computer, you can just remove the hard drive, connect it to another computer where you have root privileges and modify that hard drive to make yourself a root there too. It's not a security loophole, it's how computers work and it's taken into consideration in the design of the UNIX security model. Limiting the power of sudo doesn't make sense, it would only force you to use such workarounds in emergency situations. Commented Feb 4, 2020 at 9:13
- 3 sudo is not a loophole since its scope is known and accepted. You give sudo only to trusted people. You can also instead give access to some very specific commands that require root privs. If you don't trust the people who have root access on a system with your files, then don't put your files on it. – xenoid Commented Feb 4, 2020 at 9:14
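The rule stated in the answer (sudo rights come from a user entry in /etc/sudoers or from membership of a group named there) can be audited mechanically. The script below is an added example, not part of the original answer or comments; the function name sudo_grant_source, the sample files, and user A's membership of the sudo group are constructed assumptions, and the parser ignores included files and aliases.

```shell
#!/bin/sh
# Added example: simplified audit of how a user obtains sudo rights.
# Assumptions: reads only the two files given (no @includedir, no User_Alias,
# no primary-group lookup). On a real host, `sudo -l -U USER` run as root
# is the authoritative check.

# Print how USER obtains sudo: "user", "group:NAME", or "none".
sudo_grant_source() {
    user=$1 sudoers=$2 groupfile=$3
    awk -v user="$user" '
        # First file: group database, name:passwd:gid:member,member
        FNR == NR {
            split($0, f, ":")
            n = split(f[4], m, ",")
            for (i = 1; i <= n; i++) if (m[i] == user) member[f[1]] = 1
            next
        }
        # Second file: sudoers. Skip comments, blank lines and Defaults.
        /^[ \t]*#/ || NF == 0 || $1 == "Defaults" { next }
        # Direct user entry.
        $1 == user && !found { found = "user" }
        # %group entry: granted only if USER is listed as a member.
        substr($1, 1, 1) == "%" && !found {
            g = substr($1, 2)
            if (g in member) found = "group:" g
        }
        END { print (found ? found : "none") }
    ' "$groupfile" "$sudoers"
}

# Constructed sample data: root created users A and B, and only A was
# later added to the sudo group.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/group" <<'EOF'
root:x:0:
sudo:x:27:A
A:x:1001:
B:x:1002:
EOF
cat > "$demo_dir/sudoers" <<'EOF'
# constructed sample
Defaults env_reset
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
EOF

for u in root A B; do
    printf '%s: %s\n' "$u" \
        "$(sudo_grant_source "$u" "$demo_dir/sudoers" "$demo_dir/group")"
done
```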