Friday Free Board Quiz – the prize is BB-CH340T – How to disable superuser rights in Linux?


BB-CH340T-1

BB-CH340T is USB to serial converter made for breadboarding as replacement of the FDTI nasty devices

You can win this board! To participate in the Quiz is enough to re-tweet the Twitter Quiz announcement message.

To double your chances you have to answer the Quiz question

The Quiz question is: How to disable root/superuser rights in Linux? (and please do not try this on your computer :D)

You have time to re-tweet and/or answer until Monday 7th of March.

In Monday we will post the correct answer and ask random.org to generate random number in range then announce the winner and ship the board by post/airmail.

Good Luck!

P.S. Last weekend we got note that someone made several fake accounts and re-tweet other people answers. C’mon guys the idea of this Quiz is to provoke you thinking and learn stuff which you may not know. Please do not spoil the idea, we had Weekend Programming Challenge before with the same goals and there were hundreds of peoples who participated without any prizes just because it was cool. For the quiz we traditionally started with prizes and will continue, but please do not cheat! LEARN and google research things you do not know, just reading other people answers is not good!

13 Comments (+add yours?)

  1. zoobab
    Mar 04, 2016 @ 18:32:50

    Everybody uses microUSB those days. Hard to even find a miniUSB.

    Plus there are interesting pins (DTR, CTS, etc) which can be used for other things like toggling, too bad all the pins are not available on some other pins or breakout:

    https://github.com/zoobab/toggledtr

    Reply

  2. Lorenzo
    Mar 05, 2016 @ 00:08:02

    “How to disable root/superuser rights in Linux” is a vague and poor definition for a competition. As root, you can simple edit the /etc/shadow file and put a simple “%&$£#ç*#” string in place of the root’s password, then logoff. This is a sophisticated solution. A simple “rm *” as root user in /etc works better, I did a long time ago and I still remember. A better strong task is “How to disable root/superuser rights in Linux without root rights”. I found a solution long time ago but I do not remember… other users still remember it…

    Reply

  3. drJeckyll
    Mar 05, 2016 @ 09:21:41

    @Lorenzo: rm thing will break you system. There is better ways to f** it up so … Then “%&$£#ç*#” is not so simple … better use just ! or * in shadow just like man 5 shadow shays. (passwd -dl do the same). But this will disable only login with password, not root itself. You can log with ssh for example with keys enabled, or with some user and then use sudo gimmick.

    Better way (in combination with disabling password) is also to change shell in /etc/passwd. Use some invalid shell or /sbin/nologin or whatever your system use. This however will not disable ftp access, but who have ftp via root anyway and if password is disabled this will work …

    If you want to disable ssh root logins you can PermitRootLogin no, which if you already disable shell is not needed.

    Good idea is to remove sudo, or disable root there. Same for su.

    And also remove all suid binaries which will break system in some cases.

    But I agree that question is little bit misleading … it says superuser rights, but for who? users, files/folders? it doesn’t says if the system must be useful after this or not. And then again you can reboot and easily become root … anyway you can’t run linux without root account
    root 1 0.0 0.0 4188 1456 ? Ss 08:47 0:00 init [3]
    … or you can?

    Reply

  4. Kees Zagers
    Mar 05, 2016 @ 12:33:37

    I think the best and most simple way to do this is: Hard format your disk, because after some time you have to install the software again anyway🙂

    Reply

  5. bremenpl
    Mar 05, 2016 @ 13:25:15

    Remove the user from sudoers😀

    Reply

  6. bria
    Mar 05, 2016 @ 14:52:40

    There are multiple ways, depending what your goal is.
    As said in other comments : disabling sudoers (remove the sudo package, modifying the sudoers files…). You can try to remove the password of root (but it wouldn’t do any good for a ssh-key, and a ssh with permitRootLogin without-password ou yes).
    you could even removing the first line in passwd and shadow (not sure this will work well, never tried).

    The most beautiful way, and complicate, will be to use MAC to prevent the root user to do anything we doesn’t want he do. A selinux policy, where root must take a new security profile to do any superuser role🙂

    Another , less system-wide, will be to give him access to a restricted shell with capabilities, getting him only the rights he needs to his work.

    Another usage, if we want to prevent an user to do any harm to our system but letting him do what he want, would be to give him a container (the next container technology in linux will permet to have “false root” : root in the container, but an unpriviledge user in reality in the host

    Reply

  7. PT
    Mar 05, 2016 @ 19:59:53

    Your question doesn’t make sense at all. You simply cannot disable “superuser rights”. You can disable root user to log in, but some processes will always run under root.

    To disable superuser loging in, just change the respective shell in /etc/passwd to /bin/false.

    Reply

  8. bria
    Mar 05, 2016 @ 22:57:08

    @PT
    su – –shell=/bin/bash🙂

    Reply

  9. drJeckyll
    Mar 06, 2016 @ 09:50:45

    @bria: nope. This will not work unless you are already root. see man su for –shell. su will return Permission denied. Just try it🙂

    Reply

  10. Benjamin
    Mar 06, 2016 @ 11:39:38

    The question is a bit vague so I have a few answers. To block say user1 from using sudo you could remove them from the sudo group with $ sudo deluser user1 sudo

    If the goal is to block the root account you could lock it with $sudo passwd -l root

    You can probably remove superuser rights from all users by removing the lines similar to the ones below from /etc/sudoers:
    %root ALL=(ALL:ALL) ALL
    %sudo ALL=(ALL:ALL) ALL

    Reply

  11. Kaloyan
    Mar 06, 2016 @ 17:06:06

    Remove user from /etc/sudoers, using visudo command.

    Reply

  12. andrea
    Mar 07, 2016 @ 11:30:33

    The best answer i could say, is “explore” the “linux capabilities”:
    http://man7.org/linux/man-pages/man7/capabilities.7.html
    like in this example on ping:
    http://linux-audit.com/linux-capabilities-hardening-linux-binaries-by-removing-setuid/

    BTW the ping example is just to get an idea, not very relevant in itself as in my Debian Jessie is already NOT “setuid root” anymore..

    Reply

  13. Goffredo Baroncelli
    Mar 07, 2016 @ 14:17:45

    I agree that the question is not well formed. However, one solution that I didn’t saw from the proposed ones, is to change the uid of the root line in the /etc/passwd file. So when an user is logged as root, the its uid will not be 0.

    This will disable all the sudo/telnet/ssh/su way of changing the UID.

    But this is different from *disabling* the root privileges: doing so an user is not capable to *gain* the root privileges.

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: