Hi,
I created a new non-admin user account and I want to restrict access to the systemwide installed software. Is there a tool to do this?
Greetings and thanks for help.
Hi,
I created a new non-admin user account and I want to restrict access to the systemwide installed software. Is there a tool to do this?
Greetings and thanks for help.
What exactly are you trying to do?
For a simple scenario (sudo'ers can run all programs, non-sudo'ers can only run certain ones) you could change the 'group' attribute of the privileged programs to whatever group all the sudo'ers are in (I can't remember if it is 'wheel' or 'admin') and set the execute permission so "everyone" has NO execute permission. It would be something like this:
sudo chgrp /usr/bin/firefox admin
sudo chmod a-x /usr/bin/firefox
sudo chmod g+x /usr/bin/firefox
That probably isn't the best approach, and it does nothing about the .desktop launchers appearing, but if nobody comes up with anything better...
I would avoid messing with the default group attributes until we knew what sort of things the OP has in mind. Depending on what is required, there might already be a group setup for that, or the intended result might want a different approach.
Please be more specific. Are you talking about disabling built-ins like ls and cp with the intention of denying certain users the CLI? I don't know that I would play around with measures like that for fear of creating an unstable system. If we only knew what your goals are, perhaps someone could come up with the right answer. Regards.
In working with *nix...There be dragons. Newcomers: I recommend reading Linux is Not Windows (http://linux.oneandoneis2.org/LNW.htm) and The Linux Command Line (http://www.linuxcommand.org/tlcl.php) before beginning your quest for a better OS.
Hi,
I have a computer which is used during the day for CAD works. Later my children use it for everything else, like playing, watching videos etc. So it has lots of programs installed, which could distract. I want to be able to block some programs for a certain user account. The programs are already installed.
Greetings
I think the simplest solution for that would be to remove the entries for those programs from the kids' menus. Broad access restrictions would be difficult to implement.
You could consider restricting execution of just the small set of programs you want to block. If these are installed from the repositories, identify the program(s) in /usr/bin and do the following:
First, create a "bin" subdirectory in your home directory and copy the CAD program to it. Make sure the program is owned by your account and not by root. Now run the command:
After that only you can execute the program. Check that this works by opening a terminal and entering /home/username/bin/program_name.Code:chmod u+x,go-x /home/username/bin/program_name
If you now log out and log back in, type the command "echo $PATH". You'll see that $HOME/bin has been added to your path (code to do that is in /home/username/.profile). Now you can just type the program's name at the terminal prompt to run it, or you can create a launcher so you can run it from the GUI.
If all this works as advertised, delete the original copies of these programs so those copies won't be available to the kids.
Last edited by SeijiSensei; April 14th, 2014 at 10:22 PM.
If you ask for help, do not abandon your request. Please have the courtesy to check for responses and thank the people who helped you.
Blog · Linode System Administration Guides · Android Apps for Ubuntu Users
I would strongly recommend that you set up unprivileged accounts for the kids, and then add a group for your special apps.
If you wind up changing permissions on more than 10 or 20 apps I would say you're going about it the wrong way.
Most of us I think are hedging because we still don't know what you're trying to accomplish. You want your kids to do the normal things an Ubuntu user would be able to do, but you want your business specific things to be privileged? That's perfectly do-able. But to go through all the commands/apps available and decide whether they're child-safe, that's going to get you an unusable system.
Feel free to be extremely specific. We can help, but we can't be any more specific than you are.
Hi,
it's just the way round. Its not about my kids. They play their games and watch some music videos, which is ok. They are doing their things on their normal user account or my privileged account, but they don't know the password. To install things they have to ask. I want the CAD-account to be exclusively dedicated for work. So it is intended to be without games, social things and so on.
Is there a helpfile about the different "groups" you mentioned? I couldn't find anything, even in the forums.
Bookmarks