"Lock" one specific file so that I nor root no longer have access to it any more

To combat procrastination, I edit my /etc/hosts file by adding time-wasting websites and pointing them to localhost. However, the flesh is weak and I often find myself reverting my changes.

I was thinking of the following solution, but I don't know if it is technically possible.

I would ask a trusted friend to come over, create a new account with a strong password that I don't know, and change the owner and permissions of the /etc/hosts file so that only that new user can change that file and neither I nor root has access to it any longer.

The use case would be that I ask my friend to come over before the exam period, he changes the file and puts the procrastination blocking measures in place, and that during the time I need to study I have no way of editing the file myself. After the exam period is over, I ask him to 'unlock' the file and I can browse freely again.


Solution 1:

You can lock a file so that not even the root user can edit it.

sudo chattr +i /etc/hosts

Stop reading this answer until after your exams :)

Then you unlock the file again using

sudo chattr -i /etc/hosts
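
An added example, not part of the answer above: a small script that checks whether the hosts-file block and the `chattr +i` lock are both in place. The function names and the sample hosts content (using `.example` domains) are constructed for illustration.

```shell
# Constructed sample hosts content (example domains only).
sample_hosts() {
    cat <<'EOF'
127.0.0.1   localhost
127.0.0.1   timesink.example www.timesink.example   # blocked for exams
# 127.0.0.1 videos.example   <- commented out, so NOT blocked
EOF
}

# is_blocked DOMAIN < hosts-content
# Succeeds if DOMAIN appears on a non-comment line whose address is loopback.
is_blocked() {
    awk -v d="$1" '
        { sub(/#.*/, "") }                      # drop comments
        $1 ~ /^127\./ || $1 == "::1" {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(d)) found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# has_immutable_flag FLAGS
# FLAGS is the first column of lsattr output, e.g. "----i---------e-------".
# Lowercase "i" is the immutable attribute that `chattr +i` sets.
has_immutable_flag() {
    case "$1" in *i*) return 0 ;; *) return 1 ;; esac
}

# lsattr_flags FILE: print the attribute column for FILE (empty on failure).
lsattr_flags() {
    lsattr -d -- "$1" 2>/dev/null | awk '{ print $1 }'
}

# audit_block FILE FLAGS DOMAIN...
# Reports every missing block and a missing immutable flag; returns 1 if any.
# Real use: audit_block /etc/hosts "$(lsattr_flags /etc/hosts)" timesink.example
audit_block() {
    file=$1 flags=$2; shift 2
    rc=0
    for d in "$@"; do
        is_blocked "$d" < "$file" || { echo "not blocked: $d"; rc=1; }
    done
    has_immutable_flag "$flags" || { echo "not immutable: $file"; rc=1; }
    return "$rc"
}
```

Reading the attribute with `lsattr` does not require root, so the check can be run from an unprivileged account.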

Solution 2:

Ultimately, if root access is available, there is no foolproof way to stop a smart user from doing what they want. I do not think that there is a way to do this, other than to relinquish root access.

Solution 3:

You could set up another user account that is a regular desktop user that cannot use sudo. Then get your mate to come round and log in as you on your existing account, edit the /etc/hosts file, then reset your password without telling you what it is and log out.

Then you have to use the new account, which does not have the rights to edit /etc/hosts.

You will still need to exercise will power though to stop you from booting from a live CD/USB.

Solution 4:

As an alternative, at the same time you make your /etc/hosts file, you could also edit the /etc/sudoers file or just remove your user from the admin group. Changing the group is probably easier.

You should probably build a safeguard so that you can add yourself back to the group. I suggest adding something in /etc/rc.local or something in a wake script (quicker than doing a full reboot).

If the worst happens and you are locked out, you can boot to recovery mode (in grub) and use the root console to manually add your user back to the admin group.