Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: Questions about users management

  1. #1
    Join Date
    Feb 2021
    Beans
    5

    Questions about users management

    Hi,
    So I'm very new to Ubuntu, I have bene tasked with a installing and configuring a 20.04 Ubuntu.
    So everything is fine, but I would need to have 2 users, both with administrations rights (and different passwords), but independent. So they could not see/manipulate each others home/folder/files, the software that each one installs is not applied nor accessible from the other... etc

    Is this possible at all? I have been doing some tests in the Ubuntu settings, but I have not been able to do it

    Any advice would appreciated, thanks

  2. #2
    Join Date
    Aug 2011
    Location
    51.8° N 5.8° E
    Beans
    5,768
    Distro
    Xubuntu 20.04 Focal Fossa

    Re: Questions about users management

    Every user can set permissions on his own home directory and all files therein to grand or deny read, write and execute access of other users to those files and directories. However, an admin user (i.e., a user who can use sudo for arbitrary commands) can always override those permissions.

    Software installed in your home directory may be accessible to you only, if you wish so. Software installed system wide may be executable only for specific users, but this is messy. Software installed in the normal way is executable for all users. And again, any admin user can override this.

    Read this: https://help.ubuntu.com/community/FilePermissions

  3. #3
    Join Date
    Dec 2014
    Beans
    1,724

    Re: Questions about users management

    No, this isn't possible. There's actually only one account with full administrative permissions ('root', the user with id 0). Other users with administrative rights are allowed to act as root temporarily through use of the 'sudo' (or 'pkexec') command. Since being root means having full access to everything on the system, it isn't possible to block one user who can act as root from accessing the files of another user.

    Also the normal ways of installing programs (through .deb or .snap packages) install programs for all users on the system. The only way of installing programs in such a way that only one user can access this software would be to install from source into subdirectories of the $HOME of the user, which would make them inaccessible to other users which don't have administrative rights.

    The only way I can imagine doing something somewhat like that is two have to separate Ubuntus on the machine and select which one to boot using grub.

    Holger

  4. #4
    Join Date
    Aug 2016
    Location
    Wandering
    Beans
    Hidden!
    Distro
    Xubuntu Development Release

    Re: Questions about users management

    With realization of one's own potential and self-confidence in one's ability, one can build a better world.
    Dalai Lama>>
    Code Tags

  5. #5
    Join Date
    Jun 2010
    Location
    London, England
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Questions about users management

    The first user installed during the install process has administrator privileges, That user can install other users and give them administrator privileges or not. Every user who has administrator privileges can administer the operating system. All of it. That is the privilege an administrator is given.

    Perhaps you should think about having three users. One who is administrator and the other two who are standard users. Every installed operating system needs at least one administrator. Increase the number of users who have administrator privileges and the risk of malware being installed and viruses infecting the machine increases. A person does not need much skill to wreck a computer operating system even without administrator privileges. Fixing things is much more difficult. Some of us have learnt from experience that the easy fix is to reinstall.

    I suggest that there be a partition for data with each user having their own data folder that only they can access. Or even their own partition. Then you can reinstall without touching the data partitions. Of course, the administrator will have access to those user data partitions/folders.

    Regards.
    It is a machine. It is more stupid than we are. It will not stop us from doing stupid things.
    Ubuntu user #33,200. Linux user #530,530


  6. #6
    Join Date
    May 2010
    Beans
    1,200

    Re: Questions about users management

    Use the sudo group to give full admin access. Users with the ability to use sudo have full access so will be able to "see" the other user's data and access the files. This is exactly the same in Windows where administrators over a system can access everything on the system.

  7. #7
    Join Date
    Feb 2021
    Beans
    5

    Re: Questions about users management

    Thank you all. All replies have been extremely useful.

    Best regards

  8. #8
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Questions about users management

    Quote Originally Posted by nanoemp View Post
    Thank you all. All replies have been extremely useful.

    Best regards
    I think you need an OS that supports role-based administration to accomplish your needs. That is NOT Ubuntu.
    If you can specifically limit the things that the 2nd admin user can do, say to 20 things, you may be able to restrict the admin elevated access to exactly those 20 things and nothing else. Depending on those 20 things, a number of back doors which could provide full admin permissions could be possible, as many programs allow "shelling out". If the current userid has elevated to root privilege, then can open a shell from within that other tool, they can easily see other people's stuff and create a program to gain full admin access at any time in the future without using sudo.

    Let's just say that when I only had 5 yrs of Unix admin experience, I doubt I could have secured a setup as described above. I have done if for less than 5 specific needs and that did work out. We ended up controlling exactly all programs, all options, all access for those users, however.

  9. #9
    Join Date
    Feb 2021
    Beans
    10

    Re: Questions about users management

    When I manage the group, user and permission at UNIX and Linux OP.


    I use those command as below : You need to as superuser. You can study it how to use.
    You need to carefully use it when you as superuser you can do anything include kill yourself system.


    chgrp
    chown
    chmod

  10. #10
    Join Date
    Feb 2021
    Beans
    5

    Re: Questions about users management

    Thank you for the advice! At the end I think we'll just have an admin account and a local standard one. And maybe manage the permissions of particular folders individually.

    Thanks

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •