locking install/upgrade/remove in sudoers

Asked by Seb on 2010-10-04

Hello

I was just looking at the script for locking down webcontentcontrol (changing sudoers to prevent access to it).

I was wondering if it was possible to edit sudoers to also block removing/installing/updating dansguardian and firehol while still being able to install/update/remove other programs?

This would allow a user to continue using ubuntu as normal (installing apps as needed) and have a filter they can't turn off (currently if you uninstall firehol the filter doesn't work).

Question information

Language:
English Edit question
Status:
Answered
For:
WebContentControl Edit question
Assignee:
No assignee Edit question
Last query:
2010-10-04
Last reply:
2010-10-04
Seb (sebas-home1) said : #1

Thanks in advance for any help

KIAaze (zohn-joidberg) said : #2

You can create a script calling apt-get, but filtering out any attempt to remove dansguardian, tinyproxy or firehol.
Then you just give the user sudo permissions on this script instead of apt-get.

Have a look at what Eric Duveau did here:
http://ubuntuforums.org/showthread.php?p=6962355&highlight=duveau#post6962355
http://forums.opendns.com/comments.php?DiscussionID=2942&page=1#Comment_18690

KIAaze (zohn-joidberg) said : #3

If you write such a script, let me know and I'll add it to the repository. :)
(Or you can join the team and add it yourself.)

Can you help with this problem?

Provide an answer of your own, or ask Seb for more information if necessary.

To post a message you must log in.