I want to make it impossible for any root commands to be issued during a Live Boot session. I don't want anyone being able to sign in as root. Period!
So, is it possible to stop the sudo service? If so, would this accomplish what I'm trying to do?
I tried the three possible stop service commands below, but chkconfig --list shows sudo still working:
(1) sudo stop sudo
(2) sudo /etc/init.d/sudo stop
(3) sudo service sudo stop
You have to restrict physical access. If someone has physical access to your computer (hard drive), they have root access, regardless of OS.
This is why they keep servers in locked rooms =)
Second best is an encrypted installation. That will make it difficult or impossible for someone with physical access to access your data, assuming the computer is shut off and they do not install a modified kernel.
To further refine my answer, now that you have asked about setting up a kiosk...
First, you need root access via some mechanism, sudo or su, take your pick, to perform system administration. Since completely disabling sudo, su, or all root access is unrealistic, with what you have posted I would look at locking down your kiosk with apparmor (take a look at the apparmor profile for the guest account as a template).
If you do not know how to use apparmor, use a distro that is built as a kiosk. Why re-create the wheel?
Options here
1) Use Ubuntu with the guest account. The guest account is confined by apparmor:
http://dangertux.wordpress.com/2011/11/22/341/
2) There are other options
Fedora makes a kiosk spin, locked down with selinux
http://spins.fedoraproject.org/kiosk/#home
3) Other distros
http://webconverger.org/
You can't get rid of sudo the way you think, but you can explicitly define what users are allowed to do, all the way from disallowing sudo through to requiring passwords for particular commands. It is very powerful. You do this through the use of sudoers.
From Ubuntu.com:
It does this through four kinds of aliases: User_Alias, Runas_Alias, Host_Alias and Cmnd_Alias which work as their names suggest.
which
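A sudoers fragment using the four alias kinds mentioned above, added here as an illustration and not part of the original answers. The user names, host name, file name and command paths are assumptions chosen for a kiosk-style setup.

```sudoers
# /etc/sudoers.d/zz-kiosk   (hypothetical file name; "zz-" makes it sort last)
# Edit with:  visudo -f /etc/sudoers.d/zz-kiosk
# Check with: visudo -c -f /etc/sudoers.d/zz-kiosk
# All names below are constructed for illustration.

# Who the rules apply to
User_Alias   KIOSK_USERS  = kiosk, guest
User_Alias   KIOSK_ADMINS = localadmin

# Which target account sudo may switch to
Runas_Alias  AS_ROOT      = root

# Which machines the admin rule is valid on
Host_Alias   KIOSK_HOSTS  = kiosk01

# Which commands count as routine maintenance
Cmnd_Alias   MAINT        = /usr/bin/apt-get update, /sbin/reboot

# Admins: only the maintenance commands, only as root, password required.
# On a host not named in KIOSK_HOSTS this rule does not match,
# so the admin gets nothing (fails closed).
KIOSK_ADMINS KIOSK_HOSTS = (AS_ROOT) PASSWD: MAINT

# Kiosk users: explicit deny on every host and for every target user.
# sudo applies the LAST matching entry, so this line must come after any
# broader grant (for example a %sudo or %admin group rule) to override it.
KIOSK_USERS  ALL = (ALL) !ALL
```

This only governs sudo: su, a root password and console or boot-time access are controlled elsewhere.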