Are user files still private when two sudo users exist in Ubuntu?

permissions sudo

I am sharing my personal Ubuntu PC with one of my colleagues.

I created another user with a different password (he knows of course) and added it to the sudoer list.

Given that there are two sudo users in a single Ubuntu system:

  • Are the private files (specified by owners and permissions) of any of these users still private?

  • Can I modify my colleague's files via sudo command, even sudo su, or vice versa?


If your colleague is in the sudoers list he is root as much as you if he wants it (and he can impersonate you too), and then he can see everything.

This is the worst setup you can have if you want user privacy. You should definitively read into how user management on Linux works. Here are a few articles yo can start with:

  • https://help.ubuntu.com/stable/ubuntu-help/user-accounts.html
  • How to manage users and groups?
  • https://help.ubuntu.com/community/EncryptedHome

And even then if someone has physical access to the machine in question, there is no privacy, he could drop at boot into a root shell and see everything no matter what, and if this would be password protected he could still use an USB stick and go in on this way.

So best thing in that case is proper user management, password for root, and encrypted drive and/or encrypted home directories.


A simple alternative is to keep your private data in an encrypted file (could be a tar archive file, that you encrypt, for example with gpg). You must remember to overwrite and remove the clear text files after looking at them.

Another alternative for all of you who share a computer and sudo (root) access is to use encrypted home and encrypted swap.

But this will not help, if you are logged in at the same time. As a matter of fact you have to reboot the computer to get rid of your files in clear text format even with encrypted home.

In general security is very difficult, and a single user system with encrypted disk (LVM with encryption) would be the simplest way to keep things secure.

  • Do not store sensitive private data in a shared computer
  • Do not store private data in a computer that belongs to your employer

Once you are able to get root permissions (e.g. using sudo ,su,etc).
You have full access to every file on the system.

So both of the users which have sudo permission, and can became root using sudo bash will have full access to every file on the system

According to this Q&A in SE-Security: You might be able to modify SELinux (which isn't Ubuntu) in order to limit root access:

If your question is "can I easily and safely do this now?" the answer is no. If your answer is "I am prepared to learn about SELinux, get down and dirty with my distribution and put up with quite a lot of things not working" the answer is it is possible to constrain root much more than your average install. That said, this does not in any way make you invulnerable to exploits - it does not make it impossible for a user to circumvent this extra access control either in software or physically.


To make what the other answers already stated perfectly clear: That other user is not only "root as much as you" (Videonauth's answer), they can also become you (switch to your user account).

This is because with superuser privileges, one can switch to any account.

You probably know

sudo su

which is one option of opening a root shell if root does not have a password set (so you can't just log in as root directly).

su is short for "switch user". What user does it switch to? None is stated, right? But from the man page, we can learn that:

Invoked without a username, su defaults to becoming the superuser.

So this effectively is

sudo su root

if you didn't rename root to something else.

If you just run su <someuser>, you will be prompted for a password. So if you run su root, you're prompted for root's password (which doesn't exist in Ubuntu by default, so you can't log in (note that no password being set means there is no means of logging in via a password which is different from the password being the empty string)). But if you run sudo su root, you're prompted for your own password. And you're only prompted for it by sudo. Once sudo received your password, it runs the command it received as parameters with superuser privileges. As one is able to switch to any account when having superuser privileges, a password prompt is not necessary.

So by executing

sudo su <yourusername>

, the other sudoer can log in as you.

Related

What does >> or double Angle brackets mean? [duplicate]
"mv file" and now it's missing
Why do "df" and "du" commands show different disk usage?
syntax for SOCKS proxy in apt.conf
add-apt-repository throws Python error: UnicodeDecodeError: 'ascii' codec can't decode byte 0xc5
Where is the bootloader stored - in ROM, RAM, or elsewhere?
Why I can't uncompress a .bz2 file using tar?
Plex Media Server: Won't find media External Hard Drive
Ubuntu 18.04: Bluetooth device disconnects right after connect on Lenovo P50
keyboard shortcut gnome-terminal (ctrl-tab) and (ctrl-shift-tab) in 12.04?
"Unmet dependencies" When trying to install KDE Plasma 5.3 on Ubuntu 15.04
installed jdk by and have Error: Could not create the Java Virtual Machine