I've been working with Pis for a few years now, but I've recently encountered something that I can't quite wrap my head around. I am working to set up a few Pis as catalog machines for a local library, meaning that the patron user I created should only be able to access Chromium from the desktop. Currently, I have denied the patron user all sudo permissions and locked down their access to their own file directories (execute only) and those of other users (no access). I have also disabled most of the desktop icons and further hidden x-terminal, so users won't accidentally stumble upon it. Luckily, these security measures will be acceptable for most of our users, but it isn't most users that concern me.
In some testing I've done so far, I've found that it is possible to use chmod u+rwx /home/USER on one's own user directory, even without sudo privileges. This obviously is not ideal, as it gives users that have sufficient Pi experience the ability to modify anything within their directory. I then tried to limit chmod permissions in /bin to be executable by root users only, which worked perfectly to prevent patron from changing its own modifiers, but it also creates a boot loop on the initial login screen (entering the correct password produces a black screen and reloads the login screen).
Now that we've gotten that out of the way, I have a few questions, some for the furthering of this project, and some just to satiate my curiosity:
~Is there some reason that logging in to a user would call chmod?
~Is there any way to limit access to commands such as chmod that could potentially cause security threats?
~Are there any other breach possibilities that I have not considered? / Is there any way to protect against them?
And yes, I am aware that as long as a user has physical access to the Pis, almost anything is possible through the USB ports, but the Pis are unreachable, so I'm only looking for software workarounds.