Can I create a *super* super-user so that I can actually have a user that can deny permission to root?
The "user" you want is called LSM: Linux security module. The most well known are SELinux and AppArmor.
By this you can prevent certain binaries (and their child processes) from doing certain stuff (even if their UID is root
). But you may allow these operations to getty
and its child processes so that you can do it manually.
You're misunderstanding the concept of the root
user.
In plain English, root
is at the "top of the tree".
What if you decide one day to have a "super super user", and then next month, a "super super super user"(!). How far "up" the tree would you want to go? How would you shuffle all the permissions and hierarchy to make that work? Who is always at the top? Someone has to be at the top, and it's root
. End of story.
The solutions given here - including AppArmor and SELinux - don't really change this. They simply allow finer grain control over root
permissions and processes.
It sounds to me like your update process isn't suitable for the desired outcome. But that's not a fault of the root
user, at all. Instead of overcomplicating things, think of root
as the highest level permission user, and then everything else, you have to work downwards.
I know some people will mark this down, but there is no level higher in the user hierarchy, and all the other solutions simply give slightly different control to how root
permissions work. But they do not create a new user, with higher permissions.
You can't have a user with "more permissions" than root
because root
represents the highest level of permissions possible. Using a phrase like "more control than root" is a contradiction - root
has full control and all possible permissions, so there is nothing that can be done above it.
If you just want to prevent files or directories from being changed/deleted then just set the immutable flag on them.
chattr +i <file>
Not even root will be able to do anything to them unless the flag is removed. It's also possible to use the container/namespace system to prevent root access but that seems like overkill for what you need.