Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Protect from rm /
Top Forums UNIX for Advanced & Expert Users Protect from rm / Post 88716 by scottsl on Tuesday 8th of November 2005 09:09:46 AM
Old 11-08-2005
Protect from rm /
We recently had an accidental delete from /. I hold the root password but others are allowed to sudo over to root to perform admin tasks. The only way I want to permit deletion from / is by physically being root (su -).

I'd like to add a line to the sudoers file which would permit all commands except rm from the / directory.

Could I use something like the following?

OPS ALL = !/usr/bin/rm / *,!/usr/bin/rm /usr *,!/usr/bin/rm /opt *

Thanks.
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

protect dtterm

we have an hp-ux and a user requested me if i can password protect the dtterm. i know that this is possible but can you give me some hints in making this happen? thanks :cool: (2 Replies)
Discussion started by: inquirer
2 Replies

2. UNIX for Dummies Questions & Answers

Password protect a file

I have created a PHP page that I use to clean files on my machine. I would like to leave the file there but I want to password protect it so that I am the only one that can run it from the shell. Does anyone know how to do this? Thanks. -Cam (2 Replies)
Discussion started by: perryl7
2 Replies

3. UNIX for Dummies Questions & Answers

Protect Account UID = 0

Hello, Can someone give me some recommendations on how to protect this account? I understand that this account is an "operator" account and has root access. Thanks in advance (5 Replies)
Discussion started by: susie2345
5 Replies

4. Cybersecurity

on how to protect your website against hackers

Hi! Looking for some feed back on this tutorial... Thank you for checking out this thread. I'm working on some killer videos right now that will explain in detail how you can protect your website against hackers. The first part of the video series is live right now and it covers Cross-Site... (2 Replies)
Discussion started by: Arne1983
2 Replies

5. UNIX for Dummies Questions & Answers

Protect a Process from Being Killed

Hi, I have a process which takes 13-15 mins for execution and its getting killed in the meantime.So can you please helpme out how to protect the process from getting killed. Thanks in advance. Regards, Harika (9 Replies)
Discussion started by: harikagrp
9 Replies

6. UNIX for Advanced & Expert Users

protect process

how to protect my process from others to kill?? Double post, continued here, thread closed (0 Replies)
Discussion started by: samrintu
0 Replies

7. UNIX for Dummies Questions & Answers

Protect a file against touch

Afternoon, the stat command is used against a file to ascertain date created and last modification time. However a different individual if they so chose could use the touch command to alter the date created or modification time. Is there anyway to protect against this ? thanks Steve (2 Replies)
Discussion started by: sevans29
2 Replies

8. Cybersecurity

How to protect system from cloning?

Hello there, I would like to protect a Linux system from cloning, I don't mind if the cloned hard drive works in the same computer, but I need to avoid it to work in other one, even if it uses exactly same mainboard model and rest of computer parts. I want the cloned system to get frozen or... (4 Replies)
Discussion started by: Installimat
4 Replies

9. Shell Programming and Scripting

Password protect script

Is there a way to have a user be prompted for a password to open a file? I am trying to protect a bash script from being changed. Thank you :). (3 Replies)
Discussion started by: cmccabe
3 Replies

LEARN ABOUT DEBIAN

tpm_setpresence

tpm_setpresence(8)					      System Manager's Manual						tpm_setpresence(8)

							 TPM Management - tpm_setpresence

NAME

       tpm_setpresence- change TPM physical presence states or settings

SYNOPSIS

       tpm_setpresence [OPTION]

DESCRIPTION

       tpm_setpresence reports the status of the TPM's flags regarding physical presence.  This is the default behavior and also accessible via
       the --status option. Requesting a report of this status prompts for the owner password.	The --assert option changes the TPM to the
       physically present state.  The --clear option changes the TPM to the not present state.	The --lock option locks the TPM to the current
       physical presence state for the current boot cycle.  The --enable-cmd option allows the TPM to accept local commands to toggle physical
       presence states. The --disable-cmd option prevents the TPM from accepting local commands to toggle physical presence states.  The --enable-
       hw option allows the TPM to accept hardware signals to toggle physical presence states. The --disable-hw option prevents the TPM from
       accepting hardware signals to toggle physical presence states.  The --set-lifetime-lock option locks the Command and Hardware enablement
       flags in their current state permenantly.  This option can never be undone.  The system will attempt to use the owner password to display
       the current states before preceding unless the --yes option is given to answer yes to all questions.  All changes are made with the
       TSC_Physical Presence API.

       -h, --help
	      Display command usage info.

       -v, --version
	      Display command version info.

       -l, --log [none|error|info|debug]
	      Set logging level.

       -u, --unicode
	      Use TSS UNICODE encoding for passwords to comply with applications using TSS popup boxes

       -a, --assert
	      Assert that an admin is physically present at the machine.

       -c, --clear
	      Remove the assertion that an admin is physically present at the machine.

       --lock Lock the assertions of physical presence in there current states until a reboot.

       --enable-cmd
	      Allow use of commands to signal an admin is physically present.

       --disable-cmd
	      Disallow use of commands to signal an admin is physically present.

       --enable-hw
	      Allow use of hardware signals to signal an admin is physically present.

       --disable-hw
	      Disallow use of hardware signals to signal an admin is physically present.

       --set-lifetime-lock
	      Allow no further changes to the flags controling how physical presence can be signaled.  This is PERMANENT.

       -y, --yes
	      Answer yes to all questions.  Only applicable with --set-lifetime-lock.

       -z, --well-known
	      Authenticate using 20 bytes of zeros as owner password (the default TSS Well Known Secret), instead of prompting for an owner
	      password.

SEE ALSO

       tpm_version(1), tpm_setenable(8), tpm_setactive(8), tpm_setownable(8), tcsd(8)

REPORTING BUGS

       Report bugs to <trousers-users@lists.sourceforge.net>

TPM Management							    2005-05-06							tpm_setpresence(8)
All times are GMT -4. The time now is 01:23 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy