I am managing some systems in my small business, and I am using Linux on all PCs.
And now I need a way to prevent users (without hard restrictions on other services) from running shred. It must be accessible only from root (not sudo, just in case).
Even if you chmod it to 700 or move it, a user can still delete their own files. shred is not the threat, file permissions are.
If a user cannot write to the file or directory, shred does nothing. If they can write, removing shred won’t stop them from using rm, truncation, or any programming language to overwrite the file.
So lock down permissions so normal users never have write access to anything sensitive.
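A way to check the point made in this answer, as an added example that is not part of the original post: the function below lists what someone other than the trusted owner could overwrite or delete under a directory, whether or not shred is installed. The function name `audit_writable` and its output labels are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread).
# audit_writable DIR [OWNER]
#   DIR   - tree holding the data you want to protect
#   OWNER - the only account allowed to own entries (default: root)
audit_writable() {
    dir=$1
    owner=${2:-root}

    # Regular files that group members or any user can overwrite in place
    # (shred, truncation, or a redirect all need exactly this bit).
    find "$dir" -type f \( -perm -020 -o -perm -002 \) -print |
        sed 's/^/writable-file /'

    # Directories that group/other can write to: entries inside can be
    # deleted or replaced even when the files themselves are read-only.
    # Sticky-bit directories are excluded because they limit deletion
    # to each entry's owner.
    find "$dir" -type d \( -perm -020 -o -perm -002 \) ! -perm -1000 -print |
        sed 's/^/writable-dir /'

    # Entries owned by someone else: that owner can always chmod the
    # entry writable again, so mode bits alone do not protect it.
    find "$dir" ! -type l ! -user "$owner" -print |
        sed 's/^/foreign-owner /'
}
```

An empty result for a directory means ordinary users have no write path to it through file modes; ACLs and sudo rules are outside what this check covers.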