I want to create a very limited user that can only click on 1 icon on their desktop, which will be a rdesktop link to a terminal server

We are running fedora core 10

Details:
1. remove gnome menu if possible (applications, places, system)
2. if 1 is not possible, be able to control whats on the menu
3. disable the ability to delete/modify/create desktop shortcuts

I would, as root:

create a new user
change the permissions for that user to none
change the desktop with its icons,menu, etc, leaving the one link

When the system is booted to that user there are no modifications possible without permissions. You might also look at and remove the keyboard shortcuts to make the system the equivalent of a entry button and nothing else.

This is not something I have tried in its entirety, but I believe it should be possible. I can do it with my openSUSE 11.0 with KDE 3.5.

Ok I have found how to change the menus, and thats not a problem anymore.

How do I set the permissions for an individual user though?

This is for 9, but should be much the same.

http://www.redhat.com/docs/manuals/l...ownership.html

Oh yes

The user may need permission for the file that is the icon.

you might also want to check out gconf if your doing this on an enterprise level

Regards
JKZfixme

What folder should I change permissions on to stop the user from changing the desktop background?

I was thinking of changing the owner of /home/lab to root and setting the permissions to 755.

I am definitely going to read more into gconf, looks like a good possible solution.

I don't know. My approach seems different.

I thought that you might set the permissions for the one user to --- (xxxxxxx---), for all files, and then set the permission for the icon file to -------r--, although it might be---------x. Would the link be read or executed?

I am assuming that this one user is not owner, not group, but member of other users. It is also possible to have the one user as the only member of his own group, and have something like xxxx------ for that group, with the icon xxxxr----- or xxxx--x---.

This seems to me to be simple and easy, with no possibility of getting around the restriction, and easily changeable.

I am used to a different notation. Here are the corresponding notations.

http://www.zzee.com/solutions/linux-permissions.shtml

I like your approach thorkelljarl but I don't know how to set permissions for everything for a specific user, maybe I'm just thinking about it differently.

If you were going to give the user lab read and execute permissions only for everything on the drive, what command would you use?

I actually ended up downloading gconf-editor and removing all the desktop icons. I removed all panels except the bottom one, and removed all buttons/applets from it. I added logoff and a custom launcher that links to rdesktop.

Maybe this.

You could create a group, for example, "notmuch" with one member/user "notmuch" with the command useradd, giving "notmuch" its own login and password and its own /home. Boot as "notmuch" and make any changes, leaving "notmuch" as you want it.

Use chmod to change the permission of "notmuch" /home so that only the the owner may read or execute, that is ?r-------- or ?--x------, depending on which is needed. What the first sign (?) should be is the sign identifying the link, perhaps -.

The system is will still be open to root, and to other "users and groups and others" as it was configured before introducing "notmuch" Other users can boot the system and use chmod as root to modify the permission of "notmuch" /home to (?)rwx------ or whatever is needed, and as "notmuch" or root manage the "notmuch" user.

Sorry for the delay, but I had to think a bit and clarify the terminology for myself, since I have all this as a GUI and am a single user on a home system trying to play system administrator.

Please read the appropriate man pages beforehand, and report back what worked and how. Good Luck

http://www.redhat.com/docs/manuals/l...ownership.html

A note.

This last proposal is in continuation of the approach in my first post. Please disregard the details of Yesterday 12:55. I was trying to reinvent the wheel, or rather the structure and administration of user accounts.

I'd personally scrap using a Desktop Environment for this user. KDE or Gnome don't really seem necessary and you could easily get away with simply launching rdesktop directly when X starts. If you still wanted the icon you could use a light window manager, maybe XFCE even. I'm not sure if I missed your purpose above, but if you simply want the app to launch when a user logs in, and then have the session restart when they are done, doing an automatic launch would seem to fit the purpose better.

Something like:

exec /usr/bin/fluxbox &
/usr/bin/rdesktop 192.168.1.2

In a .xinitrc file would seem like a good option. Launch it full screen in a standalone X session and all they can do is kill X and that will simply restart their session. Not a lot of room for them to play around with other things on the system.

-Chad

what's wrong with 'nobody' It's there by default..

My first thought is that the user nobody is designed to be just that, not a real user. No home directory, no permissions aside from the limited reason the user exists, no shell, etc. With all of this, I don't think it would be ideal to tweak the user to conform to a normal user (albeit limited) that would have a home directory from which certain variables would be declared and temp files written to allow them to start X and run rdesktop. Instead creating a separate similar user, but with slightly more resources on the system (a home directory and maybe a restricted shell) seems to me a more secure option.

-Chad

A little more

This is a little more detailed on setting up a new user.

http://www.computerhope.com/unix/useradd.htm