how do i stop root from running a program

by joe Lovick   Last Updated August 13, 2019 20:02 PM - source

I would like to prevent my root user from running certain applications that can change the permissions of files which in turn prevents normal users from running those applications again.

for example, if i sudo to root, and then run thunderbird from the command prompt, it changes the permissions of files within my home dir / profile so i can no longer run it as a normal user; what i would like to do is prevent root from running thunderbird and hence stop this user error from repeating itself.

any suggestions?

to clarify,

if i have a lot of administration to do i use "sudo -s" which gives me a root shell, its just once a year or so, i shoot myself in the foot.

Tags : permissions root


Answers 4


If you have thunderbird installed locally, somewhere in your home directory then you could change the permissions to 500 so that only you can execute that program.

Run this on the executable

chmod 500 thunderbird

Also as TrailRider has said, don't run programs by prefixing sudo, it can be potentially dangerous. You can fix the permissions by changing the ownership of the thunderbird directory to your user name.

nikhil
nikhil
November 14, 2012 03:27 AM

I believe as this is a case of stopping a bone headed user shoot them selves in the foot that there is no easy way to do this. with great power comes great responability, and it would probably be best if learnt not to use sudo -s quite so often.

that being said, i am going to wrap a bash script around thunderbird, that checks the user name using whoami or $SUDO_USER and then aborts if it is an administrator. its not a general solution, but it will help in this isolated case.

joe Lovick
joe Lovick
November 14, 2012 15:24 PM

I have the habit of opening an extra session for root access with sudo su - and with a conspicuous prompt. This stops me from doing stupid things with sudo.

WalterS
WalterS
June 28, 2013 22:56 PM

Open up the program's source code, find main(), add the lines

if (geteuid() == 0) {
    fprintf(stderr, "Access by root is disabled.\n");
    exit(255);
}

recompile and install.

Joshua
Joshua
August 13, 2019 19:38 PM

Related Questions



Applications not running under root

Updated June 03, 2015 00:00 AM

Write permission denied when trying to save files

Updated July 11, 2015 14:01 PM

Unable to access the root directory

Updated July 28, 2015 17:01 PM