selective application access for users
I have FC5 (with KDE)installed on my machine .
I have 5 local users - user1, user2, user3, user4, user5 - on this machine. Now i would like to restrict certain applications for only certain users. eg- user1 can access only firefox, user2 can access only Gaim, user3 can access Firefox+gaim etc... How i go about achieving this? The purpose of doing this is that with various levels of privilages i want to give only selective application access to users. I hope you understand the requirements... any alternate solutions in implementing this is welcome.. Thanks in advance... |
This is easily implemented with user groups. Make a user group for each application. Then make the executable file for that application owned by the root user account and the application's group. Then make the application's group permissions x or rx. If someone is allowed to use this application then give that user membership in the application's group.
For example, let's say that we want to restrict access to firefox. We want user01 to be able to use firefox. We don't want user02 to be able to use firefox. You need to be logged on as root to do these commands. First, make a user group for firefox. Code:
grpadd firefox Code:
chown root:firefox /opt/firefox/firefox Code:
chmod -c u+rx,g+rx,o-rwx /opt/firefox/firefox Code:
groups user01 In general, when you have a resource that you want to give access for some accounts and not others you can create a user group for that resource and then add or remove membership in that group to control access. |
Thanks a lot for the solution!!!
One doubt... Kindly correct me if i am wrong... The above solution would work when i _know_ the number of apps that i need to restrict. e.g. i made a group of apps - Firefox, Gaim, Konqueror, Konsole, xterm, Kopete - and made groups of each of these. I assigned all five users the groups according to what was approved. Alls well as of yet.. The problem, would start now. I have missed out on Konversation. Isn't it that all five users would have access to Konversation even though i had not intended them to give that? |
Quote:
Basically you would make a user group for applications that are not approved. Then you would put all of the applications in that group. Then go back and fix the ones that have been approved buy putting them in their own group as described earlier. I can write some code to do this if you would like but I cannot guarantee that it will only affect the applications that you want to affect. In other words it could break utilities like the man utility. |
All times are GMT -5. The time now is 03:55 PM. |