"Lock" one specific file so that neither I nor root has access to it any more

Solution 1

You can lock a file so that not even the root user can edit it.

sudo chattr +i /etc/hosts

Stop reading this answer until after your exams :)

Then you unlock the file again using

sudo chattr -i /etc/hosts
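
An added example, not part of the original answer: `chattr +i` sets the immutable bit in the file's inode flags, and changing that bit requires the CAP_LINUX_IMMUTABLE capability. This Python code reads the bit back through the FS_IOC_GETFLAGS ioctl, the same state `lsattr` displays. The function names are illustrative, and a scratch file stands in for /etc/hosts.

```python
import errno
import fcntl
import os
import struct
import tempfile

# Values from <linux/fs.h>. FS_IOC_GETFLAGS is _IOR('f', 1, long), so its
# number depends on sizeof(long); the kernel still transfers a 32-bit int.
_LONG = struct.calcsize("l")
FS_IOC_GETFLAGS = (2 << 30) | (_LONG << 16) | (ord("f") << 8) | 1
FS_IMMUTABLE_FL = 0x00000010  # shown as 'i' by lsattr, set by chattr +i
FS_APPEND_FL = 0x00000020     # shown as 'a' by lsattr, set by chattr +a


def read_inode_flags(path):
    """Return the inode flag word, or None if the filesystem has no flags."""
    fd = os.open(path, os.O_RDONLY)
    try:
        buf = bytearray(_LONG)
        fcntl.ioctl(fd, FS_IOC_GETFLAGS, buf)  # kernel fills buf in place
        return struct.unpack_from("I", buf)[0]
    except OSError as exc:
        # Filesystems without inode flags reject the ioctl.
        if exc.errno in (errno.ENOTTY, errno.EOPNOTSUPP, errno.EINVAL):
            return None
        raise
    finally:
        os.close(fd)


def lock_state(flags):
    """Classify a flag word the way an audit of /etc/hosts would."""
    if flags is None:
        return "unsupported"
    if flags & FS_IMMUTABLE_FL:
        return "immutable"
    if flags & FS_APPEND_FL:
        return "append-only"
    return "writable"


if __name__ == "__main__":
    # Constructed sample: a scratch file stands in for /etc/hosts.
    with tempfile.NamedTemporaryFile() as sample:
        print(sample.name, lock_state(read_inode_flags(sample.name)))
```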

Solution 2

Ultimately, if root access is available, there is no foolproof way to stop a smart user from doing what they want. I do not think that there is a way to do this, other than to relinquish root access.

Solution 3

You could set up another user account that is a regular desktop user that cannot use sudo. Then get your mate to come round and log in as you on your existing account, edit the /etc/hosts file, then reset your password without telling you what it is and log out.

Then you have to use the new account, which does not have the rights to edit /etc/hosts.

You will still need to exercise willpower though to stop you from booting from a live CD/USB.

Solution 4

As an alternative, at the same time you make your /etc/hosts file, you could also edit the /etc/sudoers file or just remove your user from the admin group. Changing group is probably easier.

You should probably build a safeguard so that you can add yourself back to the group. I suggest adding something in /etc/rc.local or something in a wake script (quicker than doing a full reboot).

If the worst happens and you are locked out, you can boot to recovery mode (in grub) and use the root console to manually add your user back to the admin group.

Author by

BioGeek

Updated on September 18, 2022

Comments

  • BioGeek
    BioGeek almost 2 years

    To combat procrastination, I edit my /etc/hosts file by adding time-wasting websites and pointing them to localhost. However, the flesh is weak and I often find myself reverting my changes.

    I was thinking of the following solution, but I don't know if it is technically possible.

    I would ask a trusted friend to come over, create a new account with a strong password that I don't know, change the owner and permissions of the /etc/hosts file so that only that new user can change that file and so that neither I nor root has access to it any longer.

    The use case would be that I ask my friend to come over before the exam period, he changes the file and puts the procrastination blocking measures in place, and that during the time I need to study I have no way of editing the file myself. After the exam period is over, I ask him to 'unlock' the file and I can browse freely again.

  • Oli
    Oli almost 13 years
    You could delete /usr/bin/chattr after locking your hosts and restore it after your exams. Might break everything though.
  • BioGeek
    BioGeek almost 13 years
    I didn't know about the chattr command, but the initial problem remains: I want to protect me from myself. If I know there is a way to unlock/restore the file before the exams, I probably will. Therefore I am still looking for a solution where only a third party can grant me access to that file. Thanks.
  • BioGeek
    BioGeek almost 13 years
    I don't think removing myself from the /etc/sudoers file is an ideal solution: I still want to be able to perform other system tasks like installing software, etc. I just don't want to be able to change /etc/hosts any more unless an outside party grants me access to that file. Any solution where I can add myself back to the admin group defeats the point, because I will probably end up doing that before the exams end. Thanks.
  • Oli
    Oli almost 13 years
    Installing software can be done with policykit. For example you can already request updates through update-manager which is otherwise a root-only endeavour. As for stopping yourself - you could create an admin user that only your friend can use to log in and re-add you as an admin.
  • djeikyb
    djeikyb almost 13 years
    I would amend this to "Ultimately, if physical access is available...". Procrastination is easy as a livecd.
  • Richard Holloway
    Richard Holloway almost 13 years
    As long as you have root access you cannot do this. Even if there were a way, you still have physical access to the machine and can boot the machine from a rescue/live cd/usb and edit the files. I will post another answer.
  • brobrobrobrobro
    brobrobrobrobro almost 13 years
    True. I had not thought of that.
  • technosaurus
    technosaurus over 10 years
    Just modify the source of your init process to force the chattr (polling or via inotify). Then you would have to boot with a live cd to change it, to counter that you can store it as a string in init and generate it on startup inside init. Personally I'd use an inotify watch on the file to replace it with the internal string on any inotify event.
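
An added example, not technosaurus's code: the last comment describes re-asserting the file from a string held inside init. This Python code shows the polling variant of that idea as a standalone function rather than inside init. `PINNED`, `enforce` and `watch` are illustrative names, and the hosts content is a constructed sample.

```python
import os
import tempfile
import time

# Constructed sample content; a real list would hold the blocked hostnames.
PINNED = b"127.0.0.1 localhost\n127.0.0.1 timewaster.example\n"


def enforce(path):
    """Restore path from PINNED if it differs; return True when a restore ran."""
    try:
        with open(path, "rb") as fh:
            current = fh.read()
    except FileNotFoundError:
        current = None  # a deleted file is treated like a modified one
    if current == PINNED:
        return False
    # Write a temp file in the same directory, then rename it over the target
    # so readers never observe a half-written hosts file.
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory)
    try:
        with os.fdopen(fd, "wb") as out:
            out.write(PINNED)
            out.flush()
            os.fsync(out.fileno())
        os.chmod(tmp, 0o644)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return True


def watch(path, rounds, interval=1.0):
    """Poll path `rounds` times; return how many restores were needed."""
    restores = 0
    for _ in range(rounds):
        restores += enforce(path)
        time.sleep(interval)
    return restores
```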