User with sudo rights ONLY in certain folders. SELinux?

Hi!

 

I have a school project where we have a DevOps assignment. For this project there are a number of different people working on it. All students from my class. 

I want to give them an account so they can SSH into my server (running Ubuntu 18.04) and use that account to do sudo tasks, but only in certain folders (their own home directory). This is primarily so they don't mess up the rest of my system. Then I did some research and found SELinux.

 

There seems to be a way to do this with that program. But then I read some worrying things: It can lock your whole system if you're not careful (the thing I'm trying to avoid) and there's not much documentation for it regarding Red Hat systems, let alone Debian systems. Is there a quick and rather moderately easy way of doing this? Thanks in advance!

 

If you need some more information, I'll reply as quickly as I can.

 

File permissions can basically do all of this for you.

Limit sudo access in the sudoers file, and only give them write access to their home folder.

 

 

What tasks are they doing with sudo? The more secure setup would be to just give them rights to the folders and resources they need without any sudo rights at all. In general, somebody with sudo privileges can do whatever they want on your system.

 

You can also check out the sudo configuration man page in case it gives you what you need.

14 hours ago, maplepants said:

What tasks are they doing with sudo?

Mainly just installing packages and configuring various packages. But I don't want them to be able to access the root directories, only their own home directory so they can install everything there. None of us have a lot of experience with Linux, we were just thrown into the deep end. So I don't want to reinstall the OS every day, if that makes sense.

 

But thanks for the replies. I'm going to try it this afternoon. I'll keep u posted! I didn't think it could be so easy.

4 hours ago, Br4mb0 said:

Mainly just installing packages and configuring various packages. But I don't want them to be able to access the root directories, only their own home directory so they can install everything there. None of us have a lot of experience with Linux, we were just thrown into the deep end. So I don't want to reinstall the OS every day, if that makes sense.

 

But thanks for the replies. I'm going to try it this afternoon. I'll keep u posted! I didn't think it could be so easy.

Okay, so if you just need them to practice installing stuff, fire up some Ubuntu containers on the host system and give each one ssh access to their own container.

You can have the containers listen for ssh on port 2022, 2122, 2222, etc. It'll give them an environment where they're root which isn't your host environment.

For example, if one of the guys was named Dave you'd set up his machine like this:

# -v takes host_path:container_path, so Dave's key file on the host comes first
docker run -d -v /home/me/keys/daveskey:/root/.ssh/authorized_keys -p 2022:22 ubuntu:20.04

Then you tell Dave to log in to the machine on port 2022. He'll land in that container and can play around.
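The per-student container setup described above, written out as an added example that is not part of the original post. The stock ubuntu:20.04 image ships no SSH server, so the script builds an image with sshd first; the image tag `student-sshd:20.04`, the `lab-<name>` container names, the resource limits and the `<name>skey` key file naming are assumptions.

```sh
#!/bin/sh
# Added example: one SSH-reachable container per student.
# IMAGE, the key file layout and the lab-<name> names are assumptions.
set -eu

IMAGE="student-sshd:20.04"  # hypothetical tag for the image built from dockerfile()
KEY_DIR="/home/me/keys"     # host directory with one public key per student, e.g. daveskey
BASE_PORT=2022              # students get 2022, 2122, 2222, ...

# Install sshd, allow key logins only, and keep sshd in the foreground
# so it is the container's main process.
dockerfile() {
  cat <<'EOF'
FROM ubuntu:20.04
RUN apt-get update \
 && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends openssh-server \
 && mkdir -p /run/sshd /root/.ssh && chmod 700 /root/.ssh \
 && sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
CMD ["/usr/sbin/sshd", "-D", "-e"]
EOF
}

# Host port for the Nth student, counting from 0.
student_port() { echo $(( BASE_PORT + 100 * $1 )); }

# Print the docker run line for one student. -v takes host_path:container_path;
# :ro keeps root in the container from rewriting the key file on the host.
# The host key file must be owned by root and not group/world-writable,
# or sshd's StrictModes check refuses it.
run_cmd() {
  case $1 in
    ''|*[!a-z0-9_-]*) echo "bad student name: $1" >&2; return 1 ;;
  esac
  printf 'docker run -d --name lab-%s --memory 1g --pids-limit 256 -v %s/%sskey:/root/.ssh/authorized_keys:ro -p %s:22 %s\n' \
    "$1" "$KEY_DIR" "$1" "$(student_port "$2")" "$IMAGE"
}

# Dry run by default: print the commands for review. APPLY=1 builds and starts.
main() {
  if [ "${APPLY:-0}" = 1 ]; then dockerfile | docker build -t "$IMAGE" -; fi
  i=0
  for name in "$@"; do
    cmd=$(run_cmd "$name" "$i")
    if [ "${APPLY:-0}" = 1 ]; then sh -c "$cmd"; else echo "$cmd"; fi
    i=$((i + 1))
  done
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

Run it with the student names as arguments to review the generated commands, then again with `APPLY=1` set to build the image and start the containers.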

  • 5 weeks later...
On 10/30/2020 at 10:18 AM, maplepants said:

Okay, so if you just need them to practice installing stuff, fire up some Ubuntu containers on the host system and give each one ssh access to their own container.

You can have the containers listen for ssh on port 2022, 2122, 2222, etc. It'll give them an environment where they're root which isn't your host environment.

For example, if one of the guys was named Dave you'd set up his machine like this:

# -v takes host_path:container_path, so Dave's key file on the host comes first
docker run -d -v /home/me/keys/daveskey:/root/.ssh/authorized_keys -p 2022:22 ubuntu:20.04

Then you tell Dave to log in to the machine on port 2022. He'll land in that container and can play around.

Sorry I totally forgot I posted this here. We eventually just ended up having me configure everything. Thanks a bunch though. :P
