LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Desktop
User Name
Password
Linux - Desktop This forum is for the discussion of all Linux Software used in a desktop context.

Notices



Reply
 
Search this Thread
Old 01-23-2009, 01:54 AM   #1
iinfi
LQ Newbie
 
Registered: Dec 2008
Posts: 26

Rep: Reputation: 15
how to block certain programs to linux users


hi all,

i need to know whether i can block certain users of the system from accessing certain programs.
e.g i want to block sound and audio to few users
block CD Rom drive access and USB port access to certain users.
few other programs may b like skype installed on the system.

plz let me know if this is possible.

thanks
 
Old 01-23-2009, 02:23 AM   #2
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 655Reputation: 655Reputation: 655Reputation: 655Reputation: 655Reputation: 655
Controlling access by group membership is one way of controlling access. You can remove a user from the "audio" group for example.
Using udev to control permissions of devices as they are created is another possibility. Udev is sometimes used to change a device's group ownership from the default root ownership.

A more general method allowing more granularity is to use Policy Kit. Look at the comments of /etc/polkit-default-privs.restrictive if you have it.
Code:
#
# /etc/polkit-default-privs.restrictive use in an envirenment where
# hosts are centrally administered and users should have minimal
# privileges. Privileged operations require authentication as admin.
# 
# Please do not modify this file, use polkit-default-privs.local instead.
#
Also this manpage may help:
man 5 polkit-default-privs

If you have Polkit installed, it probably came with html documentation somewhere entered in /usr/share/doc/.

The udev/dbus/HAL/Polkit combination is fairly new, so I doubt that there is a PAM module to retrieve a group of policies from an LDAP directory when a person logs in. There are commands to change policies on the fly that would probably be used. ( Sounds like a good open source project if it doesn't exist )

Having restrictive policies by default, and removing select restrictions depending on the users credentials will probably do everything you want.

Sorry I can't point you to a particular project or HOWTO to implement it.

Oh, one more thing. Polkit tends to control access using ACLs instead of group membership. That is something you can manually do yourself if you wanted, but this would be unworkable for a large number of users or hosts.

Last edited by jschiwal; 01-23-2009 at 02:25 AM.
 
Old 01-23-2009, 03:04 PM   #3
iinfi
LQ Newbie
 
Registered: Dec 2008
Posts: 26

Original Poster
Rep: Reputation: 15
thanks a lot sir, i will dig further into this
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Block access to CDROM for some users (or all users) emil_jfb Linux - Hardware 3 07-21-2008 01:21 PM
Sound: programs block each other adrianmariano Linux - General 2 09-18-2007 05:31 PM
Need example programs for Block Device Drivers asprakash Linux - Kernel 4 07-04-2006 02:17 AM
Can you block programs (like p2p) by protocol examining? servnov Linux - Networking 3 10-02-2005 05:33 PM
how to block selected programs from access to network red11 Linux - Software 0 03-28-2004 10:08 PM


All times are GMT -5. The time now is 01:34 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration