I plan to reinstall my Linux distribution and apply some specific rules to improve security and keep some comfort at the same time. The plan is to create a few users for specific aims:
user - main account with administrative privileges and access to all non-root folders;
gamer - ordinary account with no administrative privileges and limited access to a few shared folders like 'Music', 'Pictures', 'Videos' etc.;
skype - ordinary account with access limited to dedicated subfolders to download and upload files;
browser - ordinary account with access limited to dedicated subfolders to download and upload files;
I want to work on the user account and run the browser as the browser user, with access only to the 'Downloads' and 'Uploads' folders. The disadvantage will be that to send a file through the browser I will be forced to copy it to the 'Uploads' folder first. I want to apply similar rules, but with more restrictions, to the skype user. My concern is whether it will be possible to share the sound card and camera between profiles/users?
The situation is a bit different with the gamer profile. I can switch user and run games on it. Gamer will also have limited access to folders like 'Music', 'Pictures', 'Videos' etc. The ideal would be to run games on the restricted gamer account while logged in as user.
WHAT I ALREADY DID
I can easily share folders between profiles and create a dedicated RAM disk. I also ran Firefox with some limitations (see below).
WHAT I NEED HELP WITH
I tried to run Skype as a different user several times in the past, but with no success. Yesterday I spent literally the whole day browsing the Internet and the LinuxQuestions forum to find out how to run Firefox as a different user. What I figured out is that I need to use the pkexec command.
When I ran
Code:
pkexec -u gamer firefox
I got the following error:
Code:
Error: no DISPLAY environment variable specified
Then I created org.mozilla.firefox.policy in the /usr/share/polkit-1/actions folder.
Code:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
 "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
<policyconfig>
  <vendor>Mozilla Foundation</vendor>
  <vendor_url>https://mozilla.org/</vendor_url>
  <action id="org.freedesktop.policykit.example.pkexec.run-firefox">
    <description>Run Firefox Web Browser</description>
    <message>Authentication is required to run Firefox (user=$(user), program=$(program), command_line=$(command_line))</message>
    <icon_name>audio-x-generic</icon_name>
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>auth_self_keep</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/firefox</annotate>
    <annotate key="org.freedesktop.policykit.exec.allow_gui">TRUE</annotate>
  </action>
</policyconfig>
and tried again
Code:
pkexec -u gamer firefox
to see new error:
Code:
No protocol specified
Failed to connect to Mir: Failed to connect to server socket: No such file or directory
Unable to init server: Could not connect: Connection refused
Error: cannot open display: :0
Then I found this thread.
I ran
Code:
sudo xhost local:test
and got in return
Code:
non-network local connections being added to access control list
One more try...
Code:
pkexec -u gamer firefox
Firefox started with tabs opened by another user! Success! Almost. :-( There is no sound from the browser, and in bash I see the following error repeating:
Code:
(firefox:27070): dconf-CRITICAL **: unable to create file '/home/gamer/.cache/dconf/user': Permission denied. dconf will not work properly.
Could anyone advise how to force an application with a GUI, like Firefox or Skype, to run through pkexec with sound?
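An added example, not part of the original post: a small Python audit of a polkit action file like the one above, listing what each action authorizes and which annotations affect pkexec (the `allow_gui` annotation is what makes pkexec keep `DISPLAY` and `XAUTHORITY`). The function name `audit_policy` and the finding texts are this example's own, and the embedded policy is the post's file with the DOCTYPE, vendor, message and icon lines left out.

```python
import xml.etree.ElementTree as ET

# Policy from the post (DOCTYPE, vendor, message and icon lines omitted), embedded to run offline.
POLICY = b"""<policyconfig>
  <action id="org.freedesktop.policykit.example.pkexec.run-firefox">
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>auth_self_keep</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/firefox</annotate>
    <annotate key="org.freedesktop.policykit.exec.allow_gui">TRUE</annotate>
  </action>
</policyconfig>"""

VALID = {"no", "yes", "auth_self", "auth_admin", "auth_self_keep", "auth_admin_keep"}
PREFIX = "org.freedesktop.policykit.exec."

def audit_policy(xml_bytes):
    """Return one dict per <action>: id, exec path, defaults and a list of findings."""
    results = []
    for action in ET.fromstring(xml_bytes).iter("action"):
        node = action.find("defaults")
        defaults = {e.tag: (e.text or "").strip() for e in (node if node is not None else [])}
        notes = {a.get("key", ""): (a.text or "").strip() for a in action.findall("annotate")}
        exec_path = notes.get(PREFIX + "path")
        findings = []
        for scope in ("allow_any", "allow_inactive", "allow_active"):
            value = defaults.get(scope)
            if value not in VALID:
                findings.append(f"{scope}: {value!r} is not set or not a documented value")
            elif value == "yes":
                findings.append(f"{scope}: granted without authentication")
            elif value.endswith("_keep"):
                findings.append(f"{scope}: authorization is kept for a short period after the prompt")
        if not exec_path:
            findings.append("no exec.path annotation: action is not bound to a program")
        elif not exec_path.startswith("/"):
            findings.append("exec.path is not an absolute path")
        if notes.get(PREFIX + "allow_gui"):
            findings.append("allow_gui set: pkexec keeps DISPLAY and XAUTHORITY")
        results.append({"id": action.get("id"), "exec_path": exec_path,
                        "defaults": defaults, "findings": findings})
    return results

if __name__ == "__main__":
    for r in audit_policy(POLICY):
        print(r["id"], r["exec_path"], *r["findings"], sep="\n  ")
```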