"Lock" one specific file so that I nor root no longer have access to it any more
Solution 1
You can lock a file so not even root user can edit it.
sudo chattr +i /etc/hosts
Stop reading this answer until after your exams :)
Then you unlock the file again using
sudo chattr -i /etc/hosts
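A way to confirm that the lock from Solution 1 actually took effect, as an added example that is not part of the original answer. The script name `lockcheck.sh` and the function names are made up for illustration; it only inspects the attribute field of the `lsattr` output, so a letter "i" in the file name is not mistaken for the flag.

```shell
#!/bin/sh
# Added example (not from the original answer): set and verify the
# immutable attribute that `chattr +i` puts on a file.

# Return 0 if one line of `lsattr` output carries the immutable flag.
# Only the first field (the attribute string) is examined, so an "i"
# in the path cannot cause a false positive.
has_immutable_flag() {
    attrs=${1%% *}
    case "$attrs" in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Return 0 if the file is immutable, 1 if not, 2 if lsattr failed
# (missing file, or a filesystem without attribute support).
is_locked() {
    line=$(lsattr -d "$1" 2>/dev/null) || return 2
    has_immutable_flag "$line"
}

# Set the flag (needs root) and confirm that it is really there.
lock_file() {
    chattr +i "$1" || return 1
    is_locked "$1"
}

# Usage (hypothetical script name): sh lockcheck.sh lock|status [file]
target=${2:-/etc/hosts}
case "${1:-}" in
    lock)
        lock_file "$target" && echo "$target is immutable"
        ;;
    status)
        if is_locked "$target"; then echo "locked"; else echo "not locked"; fi
        ;;
esac
```

Run `sudo sh lockcheck.sh lock` to set the flag and `sh lockcheck.sh status` to check it later.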
Solution 2
Ultimately, if root access is available, there is no foolproof way to stop a smart user from doing what they want. I do not think that there is a way to do this, other than to relinquish root access.
Solution 3
You could set up another user account that is a regular desktop user that cannot use sudo. Then get your mate to come round and log in as you on your existing account, edit the /etc/hosts file, then reset your password without telling you what it is and log out.
Then you have to use the new account, which does not have the rights to edit /etc/hosts.
You will still need to exercise will power though to stop you from booting from a live CD/USB.
Solution 4
As an alternative, at the same time you make your /etc/hosts file, you could also edit the /etc/sudoers file or just remove your user from the admin group. Changing group is probably easier.
You should probably build a safe-guard so that you can add yourself back to the group. I suggest adding something in /etc/rc.local or something in a wake script (quicker than doing a full reboot).
If the worst happens and you are locked out, you can boot to recovery mode (in grub) and use the root console to manually add your user back to the admin group.
BioGeek
Updated on September 18, 2022
Comments
-
BioGeek almost 2 years
To combat procrastination, I edit my /etc/hosts file by adding time-wasting websites and pointing them to localhost. However, the flesh is weak and I often find myself reverting my changes.
I was thinking of the following solution, but I don't know if it is technically possible.
I would ask a trusted friend to come over, create a new account with a strong password that I don't know, change the owner and permissions of the /etc/hosts file so that only that new user can change that file and that I nor root no longer have access to it.
The use case would be that I ask my friend to come over before the exam period, he changes the file and puts the procrastination blocking measures in place, and that during the time I need to study I have no way of editing the file myself. After the exam period is over, I ask him to 'unlock' the file and I can browse freely again.
-
Oli almost 13 years
You could delete /usr/bin/chattr after locking your hosts and restore it after your exams. Might break everything though.
-
BioGeek almost 13 years
I didn't know about the chattr command, but the initial problem remains: I want to protect me from myself. If I know there is a way to unlock/restore the file before the exams, I probably will. Therefore I am still looking for a solution where only a third party can grant me access to that file. Thanks.
-
BioGeek almost 13 years
I don't think removing myself from the /etc/sudoers file is an ideal solution: I still want to be able to perform other system tasks like installing software, etc. I just don't want to be able to change /etc/hosts any more unless an outside party grants me access to that file. Any solution where I can add myself back to the admin group defeats the point, because I will probably end up doing that before the exams end. Thanks.
-
Oli almost 13 years
Installing software can be done with policykit. For example you can already request updates through update-manager which is otherwise a root-only endeavour. As for stopping yourself - you could create an admin user that only your friend can use to log in and re-add you as an admin.
-
djeikyb almost 13 years
I would amend this to "Ultimately, if physical access is available...". Procrastination is easy as a livecd.
-
Richard Holloway almost 13 years
As long as you have root access you cannot do this. Even if there were a way, you still have physical access to the machine and can boot the machine from a rescue/live cd/usb and edit the files. I will post another answer.
-
brobrobrobrobro almost 13 years
True. I had not thought of that.
-
technosaurus over 10 years
Just modify the source of your init process to force the chattr (polling or via inotify). Then you would have to boot with a live cd to change it, to counter that you can store it as a string in init and generate it on startup inside init. Personally I'd use an inotify watch on the file to replace it with the internal string on any inotify event.