-3

I am looking at building a script which eventually needs to install some application, copying folders/files to certain places on Mac and Linux. The user should not be able to delete those folders/files or the script I pass to the user. Is there any way to achieve this?
For Mac - `sudo chflags schg /path/to/file` can be set.
For Linux - I can set the sticky bit via `chmod +s /path/to/file`.
The problem is, if the user knows the administrator password (root password, I meant), then they can change the permissions and then delete using `rm -rf`.
The question is, how do I catch them? How do I make sure that, in case the user as root runs `rm -rf`, it's caught, and my files/folders do not get deleted?
Any pointers on this would be greatly helpful.

Thanks

EDITED: Due to a clarifying note by the OP, the purpose here is to control network users who somehow got the root password, rather than subvert the will of the lawful owner of the machine.

Shachar Shemesh
Shekar
  • Don't tell them the root password, of course. What's the question? – user202729 Feb 05 '18 at 06:23
  • If the user knows the administrator password then he/she is god of that computer. You cannot prevent him from doing anything. – Arpit Solanki Feb 05 '18 at 06:24
  • 1 @ArpitSolanki, OP is trying to create a virus. It is up to you whether you want to try and help him/her. – Shachar Shemesh Feb 05 '18 at 06:29
  • When did I ever say that it's a stupid idea or he should not do it? My comment is perfectly valid here. Administrator password grants full power to a computer. He also should state that his purpose is to create a virus. @ShacharShemesh – Arpit Solanki Feb 05 '18 at 06:31
  • Sorry, but I am not creating a virus in any way. As domain administrator, I wanted to know if things like this can be done or not. We have instances where users somehow found out about the root password and then go ahead and delete files using `rm -rf`. I know `rm -f` in case of a file and `rm -rf` in case of a directory don't prompt regardless of permissions - wanted to know if this can be caught. And in case of Mac, users promote themselves to administrators via System Preferences and, using sudo, delete files. This was a genuine ask. Please understand. If you know a better way, let us know. – Shekar Feb 05 '18 at 06:33
  • Really feeling sad here, when a genuine question is asked, it's marked down with -1's and linked to viruses and stuff :( – Shekar Feb 05 '18 at 06:35
  • @Shekar the question should have been clearer. Seeing as you're a novice here and probably can't do it yourself, I've edited the question to reflect that new point. Believe it or not, it actually changes the technical aspects of the answer. I've also removed my down vote. – Shachar Shemesh Feb 05 '18 at 07:56
  • Thanks a lot @ShacharShemesh for editing the question and taking down the -1. Yes, I am new to this field, I meant asking questions in this forum. You are right. I wanted to see if there is any way where, in case users get hold of the password, they don't accidentally or intentionally delete the applications/scripts which are required from the org perspective. I always do the sticky bit and chflags stuff but that didn't help. As you said, I need to find a way to centrally manage Mac / Linux machines better. – Shekar Feb 05 '18 at 15:00
  • @Shekar one more point to keep in mind. If you read an answer and think it is good, click the up arrow above the number next to it (upvote). You can do that whether it is an answer to your question or not. It's a way of saying thanks. For answers to your question, there is also a checkbox. Clicking it "accepts" the answer. – Shachar Shemesh Feb 06 '18 at 17:21
  • Thanks, I can't upvote, as it says some 15 reputation is needed :( – Shekar Feb 08 '18 at 17:43

1 Answer

0

You cannot do what you're trying to do, nor should you.

If the user has the root password, it means you trust her with the computer. If you want someone not to be able to do something, don't give them the root password.

The attributes you mention are good ways to prevent accidental deletion of files, and it is all you can expect to achieve.

Again, if you want them not to delete the files, don't give them root.

Shachar Shemesh
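On the "how do I catch them" part of the question: the script below is an added example, not code from the question or the answer, and it only detects removal or modification after the fact by comparing installed files against a manifest of SHA-256 hashes. The manifest format, the function names and the `REQUIRE_SCHG` switch (macOS only, checks that the `schg` flag from the question is still set) are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example. Manifest format (assumed): "<sha256>  <path>" per line,
# written at install time and stored off the managed machine.

sha256_of() {  # sha256sum on Linux, shasum on macOS
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi | awk '{print $1}'
}

# macOS only: succeeds if the system-immutable flag (schg) is still set.
has_schg() {
    stat -f '%Sf' "$1" 2>/dev/null | grep -q schg
}

# Prints one finding per line (MISSING, MODIFIED or UNPROTECTED plus the path).
# Returns 0 when every entry matches the manifest, 1 on any drift.
check_manifest() {
    manifest=$1
    status=0
    while read -r want path; do
        [ -n "$path" ] || continue          # skip blank lines
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; status=1
        elif [ "$(sha256_of "$path")" != "$want" ]; then
            echo "MODIFIED $path"; status=1
        elif [ "${REQUIRE_SCHG:-0}" = 1 ] && ! has_schg "$path"; then
            echo "UNPROTECTED $path"; status=1
        fi
    done < "$manifest"
    return "$status"
}

# Constructed sample: three files are "installed", then one is deleted
# and one is altered before the check runs.
demo() {
    d=$(mktemp -d) || return 1
    printf 'app\n' > "$d/app.sh"
    printf 'cfg\n' > "$d/app.conf"
    printf 'lib\n' > "$d/lib.so"
    for f in "$d/app.sh" "$d/app.conf" "$d/lib.so"; do
        echo "$(sha256_of "$f")  $f"
    done > "$d/manifest"
    rm -f "$d/app.conf"
    printf 'x\n' >> "$d/lib.so"
    check_manifest "$d/manifest" || true    # reports MISSING and MODIFIED
    rm -rf "$d"
}
demo
```

Run from a central management host on a schedule, a non-zero exit status tells the administrator which machines need the application reinstalled.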