Background: Virtual Private Server
I have a virtual private server that I'm looking to host multiple websites on, and provide access to another web developer. I don't care about putting too many constraints on him, though I wouldn't mind isolating the site that he'll be developing from other sites on the server that I will develop.
The problem: retain control
Mainly what I want is to make sure that I retain control over the server in the future. I want to reserve the ability to create/promote/demote and other administrative functions that don't deal with web software. If I make him an admin, he can sudo su - and become root and remove root control from me, for example.
I need him not to be able to:
- take away other admin permissions
- change the root password
- have control over other security/administrative functions
I would like him to still be able to:
- install software (through apt-get)
- restart apache
- access mysql
- configure mysql/apache
- reboot
- edit web development configuration type files in
/etc/
Other Standard Setups would be happily considered
I've never really set up a good sudoers file, so simple example setups would be very useful, even if they're only somewhat similar to the settings that I'm hoping for above.
Edit: I have not yet finalized permissions, so standard, useful sudo setups are certainly an option, the lists above are more what I'm hoping I can do, I don't know that that setup can be done. I'm sure that people have solved this type of problem before somehow, though, and I'd like to go with something somewhat tested as opposed to something I've homegrown.
Depending on the amount of applications you want to allow him to perform, an option would be to allow him to execute commands withou even having to sudo. This could prevent you from giving him a root access, while still allowing him to perform his tasks: To do this, add in the sudoers file a line like this one for each application he should be allowed to do:
Edit: the virtual machine solution would for sure be the safest option
If you're not stuck on Debian/Ubuntu (and you have the ability to change/choose your OS), FreeBSD's Jails were built with this in mind and have been in production for years:
http://www.freebsd.org/doc/handbook/jails.html
Unfortunately given the privileges you have given him there really isn't a good way create a foolproof configuration prevent him from trying to block access from you. Being able to edit arbitrary files in /etc, being able to install software almost certainly means that the person will have the ability to bypass anything you setup with sudo.
The real question comes back to physical access. If you have physical access to the system there really is nothing that he can do that you cannot easily bypass by simply rebooting the system from a livecd and repairing things.
I believe these days most people address this kind of an issue by setting up a VM and giving access within the VM. If they do something wrong or make a configuration error then fixing things is usually a reboot away.