You are not logged in.

#1 2013-03-23 21:56:17

6ng4n
Member
Registered: 2012-02-07
Posts: 74

Changing ownings of applications

For security reasons, I want to deny access to system executables (like systemctl) by creating a adminusers group and setting owner info root:adminusers and permissions to 750. May that cause a problem, like pacman errors about permissions.

Offline

#2 2013-03-23 22:02:45

Inxsible
Forum Fellow
From: Chicago
Registered: 2008-06-09
Posts: 9,079

Re: Changing ownings of applications

systemctl requires elevated permissions. Can't you just change the root password and not share it with anyone. Oh and don't provide NOPASSWD sudo access to any user that you don't want messing with the system.


Forum Rules

There's no such thing as a stupid question, but there sure are a lot of inquisitive idiots !

Offline

#3 2013-03-23 22:53:37

6ng4n
Member
Registered: 2012-02-07
Posts: 74

Re: Changing ownings of applications

Try that:

systemctl reboot

It can be done by non-root user. Of course I've a strong pass and sudo access for only wheel members

Last edited by 6ng4n (2013-03-23 22:53:48)

Offline

#4 2013-03-23 23:28:10

cookies
Member
Registered: 2013-01-17
Posts: 253

Re: Changing ownings of applications

That should not be a problem, https://wiki.archlinux.org/index.php/Sy … management

If it is, you may just start an additional session.

There may be better solutions but I haven't checked, since I don't need that feature right now.

Last edited by cookies (2013-03-23 23:28:38)

Offline

#5 2013-03-23 23:54:08

65kid
Member
From: Germany
Registered: 2011-01-26
Posts: 663

Re: Changing ownings of applications

6ng4n wrote:

Try that:

systemctl reboot

It can be done by non-root user. Of course I've a strong pass and sudo access for only wheel members

Even if you change the permissions of the executable the user would still be able to reboot by sending the corresponding dbus signal. The right approach in this case would be to write a polkit rule to not allow the corresponding logind action.

$ man polkit
$ pkaction | grep login1

Offline

#6 2013-03-24 02:51:02

Inxsible
Forum Fellow
From: Chicago
Registered: 2008-06-09
Posts: 9,079

Re: Changing ownings of applications

6ng4n wrote:

Try that:

systemctl reboot

It can be done by non-root user. Of course I've a strong pass and sudo access for only wheel members

So you don't even want people to reboot their machines ?


Forum Rules

There's no such thing as a stupid question, but there sure are a lot of inquisitive idiots !

Offline

#7 2013-03-29 18:45:36

6ng4n
Member
Registered: 2012-02-07
Posts: 74

Re: Changing ownings of applications

Yes I want only root to reboot machine. (Wheel members too, for sure)

Offline

Board footer

Powered by FluxBB