Restrict root access

Patrick · September 11, 2019, 6:05pm

As per Debian default it kinda is: as soon as folder ~/bin exists and new shell opened (or after reboot?) it will be in PATH by default. Tested. I am using it and never changed PATH.

iamwho:

Sorry to bring up an old point, but Xorg is a red herring.
user@host:~$ cat ~/bin/sudo 
#!/bin/bash
read -sp "[pseudo] password for user: " lol
Even if you log in from virtual console and run
user@host:~$ /usr/bin/sudo
how do you know you are talking to bash? If you don’t trust user you don’t trust user.

See:

X has its problems but root access hardening has a point.

I will update Strong Linux User Account Isolation