Scribd
Upload
56 views4 pages

Granting Read Permissions To Root Directory Best Practices and Alternative Approaches

This document discusses options for granting a new user read access to the root directory in an Ubuntu server. It recommends against giving a user permission to read /root due to security risks. As a more secure alternative, it explains how to mount the root directory as read-only, preventing changes while allowing read access. This involves editing /etc/fstab to change the mount option for / from rw to ro, and remounting.

Uploaded by

Gabriel Díaz
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
56 views4 pages

Granting Read Permissions To Root Directory Best Practices and Alternative Approaches

This document discusses options for granting a new user read access to the root directory in an Ubuntu server. It recommends against giving a user permission to read /root due to security risks. As a more secure alternative, it explains how to mount the root directory as read-only, preventing changes while allowing read access. This involves editing /etc/fstab to change the mount option for / from rw to ro, and remounting.

Uploaded by

Gabriel Díaz
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

in an Ubuntu Server i want to give a new user permission to read /root, is this

possible? provide the bash commands to do this and if this is not the best way
provide other options

It is generally considered bad practice to give a new user permission to read the root
directory (/root) on a Linux system. This could lead to security risks and allow the
user to access sensitive system files and information.

However, if you still need to grant read permissions to the root directory for a specific
user, you can do so by using the following steps:

1. Create a new user:

sudo adduser new_user

2. Add the new user to the sudo group:

sudo usermod -aG sudo new_user

3. Edit the /etc/sudoers file:

sudo visudo

4. Add the following line to the end of the file:

new_user ALL=(root) NOPASSWD: /bin/cat /root/*

This line allows the user new_user to read all files in the root directory without
entering a password.

Note: This is a very insecure configuration and should only be used in exceptional
circumstances. It is strongly recommended to use other methods to grant access to
specific files or directories, such as setting up file permissions or using access
control lists (ACLs).
Here are some alternative options to consider:

Create a new group and add the new user to that group. Then, set the
permissions on the root directory to allow read access to that group.
Use ACLs to grant the new user read access to specific files or directories in the
root directory.
Mount the root directory as a read-only filesystem. This will prevent the new
user from making any changes to the root directory.

These options provide a more secure way to grant access to the root directory while
still maintaining control over what the new user can access.

Explain how to Mount the root directory as a read-only filesystem.

To mount the root directory as a read-only filesystem, you can follow these steps:

1. Edit the /etc/fstab file:

sudo vi /etc/fstab

2. Find the line that mounts the root filesystem. It will typically look something like
this:

UUID=00000000-0000-0000-0000-000000000000 / ext4 rw 0 1

3. Change the rw (read-write) option to ro (read-only):

UUID=00000000-0000-0000-0000-000000000000 / ext4 ro 0 1

4. Save the changes to the file and exit the editor.


5. Remount the root filesystem with the new read-only option:

sudo mount -o remount,ro /

This will remount the root filesystem as read-only, preventing any changes from
being made to it.
Note: This will also prevent the system from being able to update itself, so it is
important to make sure that all necessary updates have been installed before
mounting the root filesystem as read-only.

To remount the root filesystem as read-write, simply edit the /etc/fstab file again
and change the ro option back to rw . Then, remount the root filesystem with the
new read-write option:

sudo mount -o remount,rw /

This will allow the system to make changes to the root filesystem again.

How can i add more commands in the sudoers option? (cd, less, ls, cat)

To add more commands to the sudoers option for the new_user , you can edit the
/etc/sudoers file again and add additional lines similar to the one you added for
the cat command. Here's an example:

new_user ALL=(root) NOPASSWD: /bin/cd, /usr/bin/less, /bin/ls,


/bin/cat /root/*

This line allows the user new_user to run the cd , less , ls , and cat commands
with root privileges without entering a password. You can add additional commands
to this line as needed, separating them with commas.

Note: It is important to carefully consider which commands you grant root privileges
for, as this could pose a security risk if the user is able to execute malicious
commands.

Here's a breakdown of the commands you mentioned:

cd : Change directory.
less : View the contents of a file one page at a time.
ls : List the contents of a directory.
cat : Concatenate and print the contents of files.
By granting the new_user permission to use these commands with root privileges,
you are allowing them to navigate the filesystem, view the contents of files, and
potentially make changes to the system. Therefore, it is important to only grant these
permissions if absolutely necessary and to monitor the user's activity to ensure that
they are not abusing their privileges.

You might also like