Home Command line utilities Delayed Admin – Temporarily Drop Admin Privileges To Administrators

Delayed Admin – Temporarily Drop Admin Privileges To Administrators

By sk
1.2K views

Today, I stumbled upon an interesting utility named "Delayed Admin". As the name says it all, this utility will temporarily drop admin privileges to administrators. Delayed Admin will not remove the admin privileges of an administrative user account completely, but delays them for a particular time. In other words, the users will still have administrator access, but can’t use it at their whims. They must have to wait for some time to execute any command that requires "sudo" or "su" privileges. Please note that they still can run any commands which can be run as a normal user.

Why on the earth anyone would want this? Self-control! Allow me to explain. Have you ever used some self-control apps and/or addons that restrict you from visiting certain websites for a particular time? I do! Those apps will block some websites for a certain period of time to increase our productivity. So we can concentrate on our work without any distractions or the urge to visit the addictive sites. However, if you're an administrator, you can uninstall or disable those apps at any time and visit the sites whenever you want, right? Indeed! In such cases, we need something powerful that won't allow us to perform any administrative tasks even if we are the administrators. This is the principle Delayed Admin is based upon. So if ever wanted to delay the admin privileges to administrator account for some reason, Delayed Admin will definitely help.

WARNING - It is not for NOOBS!

Before trying Delayed Admin utility on your Linux system, please remember the following important points.

  • After setting up Delayed Admin, you can not perform any administrative tasks using "sudo" or "su" privileges. So, it is recommended to setup two administrative accounts. Just in case you're locked out of your system, you still can use another administrative account to gain the administrative access.
  • Delayed Admin will make you wait for 30 seconds by default before running any administrative tasks with sudo privilege. Some of you might find this annoying. If you're an impatient user, don't install it.

Installing Delayed Admin

Install Git if it is not installed already. Git is available in the default repositories, so we can install using the default package manager. For instance, to install git on any Debian-based systems, run:

$ sudo apt-get install git

Clone the "Delayed Admin" repository locally:

$ git clone https://github.com/miheerdew/delayed-admin.git

This will create a directory named "delayed-admin" in the current directory and download all contents. Cd to the directory:

$ cd delayed-admin/

Then, install Delayed Admin using command:

$ sudo ./setup.sh install

Sample output would be:

[✔] Created group delayed-admin
[✔] Copied /usr/local/bin/delayed and /etc/delayed-admin.conf
%delayed-admin ALL = /usr/local/bin/delayed
[✔] Copied above to sudoers file /etc/sudoers.d/delayed-admin
[✔] Install successful

Once installed, add the current user to the delayed-admin group:

$ sudo usermod -a -G delayed-admin "$USER"

Finally, remove the current user from the sudo group:

$ sudo gpasswd -d "$USER" sudo

Log out and log in back or reboot the system to take effect the changes.

How to temporarily drop Admin privileges to Administrators using Delayed Admin

Please note that from now on you can't use "sudo". Instead, you will have to use "sudo delayed" when you perform an administrative task.

Let us run a command with "sudo" privileges and see what happens.

$ sudo apt-get update

Sample output from my Ubuntu 16.04 desktop:

Sorry, user ostechnix is not allowed to execute '/usr/bin/apt-get update' as root on ostechnix.

See? Even if I entered the correct admin password, I can't be able to perform any admin tasks.

Now let me run the same command "sudo delayed" prefix:

$ sudo delayed apt-get update

Sample output:

Sleeping for 30 seconds staring from 01/15/18 15:13:45
[...]

Did you notice? Delayed admin utility has put the given command under sleep for 30 seconds. That means your admin user privileges are dropped for 30 seconds, by default. Therefore the given command will only execute after 30 seconds.

Delayed admin Temporarily Drop Admin Privileges

From now on, you have to wait for 30 seconds to execute any commands with sudo privileges. You can, of course, change the default time interval in /etc/delayed-admin.conf file. To do so, edit this file:

$ sudo delayed nano /etc/delayed-admin.conf

Then change the delayed time interval as per your wish. Remember you must run all administrative tasks with prefix "sudo delayed".

Uninstall Delayed Admin

Waiting for 30 seconds to run an administrative tasks might be annoying or unnecessary. If so, simply uninstall it as described below.

First, add your user back to the "sudo" group. I repeat - you must add the user to "sudo" group before uninstalling this utility. Otherwise, you will lose the sudo access permanently. Another good option is to have two administrator accounts.

To add the current user back to the "sudo" group, run:

$ sudo delayed usermod -a -G sudo "$USER"
$ sudo delayed gpasswd -d "$USER" delayed-admin

Log out and log back in or reboot the system to run commands with sudo privileges.

Go to the directory where you cloned the Delayed Admin contents and remove delayed-admin utility using command:

$ cd delayed-admin/
$ sudo ./setup.sh uninstall

Sample output:

[✔] Deleted /usr/local/bin/delayed /etc/delayed-admin.conf
[✔] Deleted sudoers file: /etc/sudoers.d/delayed-admin
[✔] Deleted group delayed-admin
[✔] Uninstall successful

Finally, delete "delayed admin" directory:

$ cd ..
$ rm -r delayed-admin/

Suggested read:


Hope this helps.

Resource:

Thanks for stopping by!

Help us to help you:

Have a Good day!!

You May Also Like

2 comments

Miheer Dewaskar January 17, 2018 - 11:26 pm

I am the author of Delayed Admin. Thanks for describing the steps in detail!
A small suggestion: add “sudo ./setup.sh uninstall” at the end of the uninstall step to finally remove the files installed by the install step.

Reply
SK January 18, 2018 - 11:25 am

Good catch. I forgot to add that. Updated now. Thanks.

Reply

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. By using this site, we will assume that you're OK with it. Accept Read More