Is it possible to have a user in Ubuntu/Debian that does not have access to
dpkg and cannot even download anything from the Web, but has root privileges otherwise?
Original post (above translated by aimar):
Bonsoir je voulais savoir s'il est possible d'avoir un user avec tous les droits de root et qui ne peux rien télécharger. En fait je cherche à désactiver synaptic, apt-get, dpkg Merci
I'd say your best bet is to remove the binaries that you don't want your root user to use (wget, apt-get, etc).
However this can break some system fuctionnalities because some applications assume you have a functionnal wget, dpkg, etc. And, well, as long as it's root, and even with no internet connection, he can insert a cd and recopy the binaries...
Downloading from the web can be blocked using the firewall settings of Linux (iptables).
As for root - if you want to only provide access to specific commands as root then you would be best off using
sudo to grant specific users access to specific commands.