Old 07-23-2023, 02:44 PM   #1
Jason.nix
Member
 
Registered: Feb 2023
Posts: 567

A question about sudo user


Hello,
I want a user to be in the sudoers file, but not be able to see the contents of a specific file.
What should I do?


Thank you.
 
Old 07-23-2023, 03:21 PM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,747

Quote:
Originally Posted by Jason.nix View Post
Hello,
I want a user to be in the sudoers file, but not be able to see the contents of a specific file. What should I do?
Since this is in the "Security" forum, I'll suggest you give some thought to this. The main idea is that anyone you give superuser/sudo/elevated rights to on a system is someone you can TRUST. If you can't...you shouldn't be giving them those privileges.

But you CAN do what you're after...maybe. The sudoers file can be edited to allow only SOME commands to be run with elevated privileges, and some not to be run at all. So you could go in and edit sudoers to disallow running vi/emacs as sudo with that file name. For example:
Code:
%sudo ALL=(ALL) ALL, !/bin/vi <some file>, !/usr/bin/nano <some file>
...but that's pointless if you allow them to edit/run visudo, or allow them access to OTHER commands (like cp, mv, etc.), since they can just copy the file elsewhere, rename it, then look at it. There are also things you can do with sudoedit, or using ACL's, but it's a problem that has no real solution. Anyone with elevated rights has an attack vector that makes things easy. If they know what they're doing, you aren't going to keep them out.

This should require a lot of thought before you try to implement anything. Personally, I'd not use sudoers, but just encrypt the file and not give that person the password.
 
Old 07-23-2023, 03:29 PM   #3
haertig
Senior Member
 
Registered: Nov 2004
Distribution: Debian, Ubuntu, LinuxMint, Slackware, SysrescueCD, Raspbian, Arch
Posts: 2,331

Assuming you are talking about giving this user root privileges, and want them to be able to view every other file except for the one you are concerned about, that's going to require more than you can do (practically) in the sudoers file alone.

Encrypting the file is one thing. But when the file's owner decrypts the file to use it, those decrypted contents will be in system memory, which root can read. Yes, that will require a bit of system knowledge to get at, so it depends on how sophisticated this specific sudoer is to determine if this is a security concern worth bothering with.

If you give someone root access, you are giving them the keys to your kingdom. The only way to protect against them abusing their privilege is to move the file you are concerned about to a different kingdom (a different computer).

You can indeed give a sudoer very limited root privileges in the sudoers file: permission to execute only a few specific commands. But it sounds like you are wanting what I mentioned above, "full root access, except for this one file". That is going to be difficult to implement. Encryption of the file is a good move, especially if your sudoer is not a crackerjack sysadmin that is used to dealing with raw system memory. Moving the file to a different computer takes it away from the sudoer's direct grasp, but remember that if you access that remote file from the computer that the sudoer exists on, they still may be able to intercept your communications and see that file.

Last edited by haertig; 07-23-2023 at 03:31 PM.
 
Old 07-24-2023, 09:39 PM   #4
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,683
Blog Entries: 4

Also consider ACL's: https://www.redhat.com/sysadmin/linu...-control-lists

It may well be that you are looking at an "XY Problem", where you are expressing a problem in terms of what you think will solve it, versus the one that is most appropriate.

This requirement might reasonably be "parsed" thusly: "Why does this user need to be 'in the sudoers file', yet not be allowed to access 'a particular object'?" It seems quite clear to me that 'the actual issue' has to do with "the security privileges that this user is entitled to have." If the user's capabilities and access are to be limited, then it is fairly axiomatic that he cannot be "rootly."

Last edited by sundialsvcs; 07-24-2023 at 09:52 PM.
 
Old 07-25-2023, 01:41 AM   #5
pan64
LQ Addict
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 22,026

This should go in the other direction: you need to allow only what is really required, nothing more (for example, allow editing a single config file). But if you allow everything, you cannot deny access to only one file; that is impossible. And actually, if you could somehow manage it, the user will easily find another way to access that file.
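As an added example (not code from the thread or from any of its posters), a small Python audit of the two rule shapes discussed above: TB0ne's "ALL, minus a few commands" entry, which is pointless because any other permitted command still reaches the file, versus the allow-list of specific commands that pan64 recommends. The parser, the verdict names and the sample sudoers content are constructed for this example and cover only plain user-specification lines, not aliases or includes.

```python
import re
from collections import namedtuple

# One user specification: who  host=(runas) cmd[, cmd ...]; aliases and Defaults are skipped
RULE_RE = re.compile(r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$")
TAG_RE = re.compile(r"^(?:[A-Z]+:\s*)+")  # leading tags such as NOPASSWD: or NOEXEC:
SKIP = ("Defaults", "Cmnd_Alias", "User_Alias", "Host_Alias", "Runas_Alias")
Rule = namedtuple("Rule", "who host runas cmds")

BYPASSABLE_DENY = "bypassable-deny"  # ALL granted, then '!cmd' carve-outs: the thread's case
FULL_ROOT = "full-root"              # ALL granted outright
ALLOW_LIST = "allow-list"            # only enumerated commands: the recommended shape

def parse_sudoers(text):
    """Return a Rule for each user-specification line, comments stripped."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(SKIP):
            continue
        m = RULE_RE.match(line)
        if m is None:
            continue
        cmds = [TAG_RE.sub("", c.strip()) for c in m.group("cmds").split(",") if c.strip()]
        rules.append(Rule(m.group("who"), m.group("host"), m.group("runas") or "root", cmds))
    return rules

def classify(rule):
    """'!cmd' entries only matter next to an ALL grant, and there any other permitted
    command (cp, mv, ...) still reaches the file, so that shape is flagged."""
    grants_all = "ALL" in rule.cmds
    has_deny = any(c.startswith("!") for c in rule.cmds)
    if grants_all and has_deny:
        return BYPASSABLE_DENY
    return FULL_ROOT if grants_all else ALLOW_LIST

def audit(text):
    """(who, verdict) for every rule, in file order."""
    return [(r.who, classify(r)) for r in parse_sudoers(text)]

# Constructed sample sudoers: the rule TB0ne sketched, an allow-list, and a plain ALL grant.
SAMPLE = """\
Defaults env_reset
%sudo  ALL=(ALL:ALL) ALL, !/bin/vi /etc/secret.conf, !/usr/bin/nano /etc/secret.conf
alice  ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx, sudoedit /etc/nginx/nginx.conf
bob    ALL=(ALL) ALL
"""

if __name__ == "__main__":
    for who, verdict in audit(SAMPLE):
        print(f"{who:8} {verdict}")
```

Only the `alice` entry comes out as an allow-list; the `%sudo` rule is flagged because its deny entries sit next to an ALL grant, which is exactly the shape the thread says cannot be made to work.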
 
Old 07-25-2023, 02:26 AM   #6
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,346
Blog Entries: 3

Quote:
Originally Posted by Jason.nix View Post
I want a user to be in the sudoers file, ...
Why? Which specific activities should that account be able to carry out?
 
Old 07-25-2023, 04:50 AM   #7
yancek
LQ Guru
 
Registered: Apr 2008
Distribution: Slackware, Ubuntu, PCLinux,
Posts: 10,564

If it is just one file you do not want the person to see, why not encrypt it with gpg, ccrypt or even use 7zip. You need passwords/passphrases when you do this and even root has no access without the passphrase. There are a number of sites explaining these options.

https://devconnected.com/how-to-encrypt-file-on-linux/

https://www.fosslinux.com/27018/best...s-in-linux.htm
 
Old 07-25-2023, 08:15 AM   #8
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,683
Blog Entries: 4

Technically speaking, the ACL mechanism can be very specific. However, I echo my original "XY Problem" sentiment. If you launch a process successfully using "sudo," then that process runs with "root privileges." Therefore, if you want that process to be limited, especially in such a particular way, then "sudo" is categorically not the proper solution to the problem.
 
Old 08-12-2023, 10:39 AM   #9
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,683
Blog Entries: 4

Also note: while the concept of "ACLs" is different between (network and native) filesystems, both in terms of how they work and what they can and cannot do, they are by now pretty much supported everywhere. In other words, you are not limited by the -rwxrwxrwx "Unix® file permissions mask." Your Mileage May Vary™ but this is the proper place to look – probably not "sudo."
 
Old 08-18-2023, 01:24 AM   #10
JJJCR
Senior Member
 
Registered: Apr 2010
Posts: 2,167


Quote:
Originally Posted by Jason.nix View Post
Hello,
I want a user to be in the sudoers file, but not be able to see the contents of a specific file.
What should I do?


Thank you.
Quote:
but not be able to see the contents of a specific file
You mean the user is able to open the file, but not able to see specific contents of the file?

File extension? Is it PDF, or what?

Maybe try changing the permissions to 777 for testing only and see how it goes.
 
  

