create very limited linux user, only give access to rdesktop
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
create very limited linux user, only give access to rdesktop
I want to create a very limited user that can only click on 1 icon on their desktop, which will be a rdesktop link to a terminal server
We are running fedora core 10
Details:
1. remove gnome menu if possible (applications, places, system)
2. if 1 is not possible, be able to control whats on the menu
3. disable the ability to delete/modify/create desktop shortcuts
create a new user
change the permissions for that user to none
change the desktop with its icons,menu, etc, leaving the one link
When the system is booted to that user there are no modifications possible without permissions. You might also look at and remove the keyboard shortcuts to make the system the equivalent of a entry button and nothing else.
This is not something I have tried in its entirety, but I believe it should be possible. I can do it with my openSUSE 11.0 with KDE 3.5.
Last edited by thorkelljarl; 02-16-2009 at 02:44 PM.
I thought that you might set the permissions for the one user to --- (xxxxxxx---), for all files, and then set the permission for the icon file to -------r--, although it might be---------x. Would the link be read or executed?
I am assuming that this one user is not owner, not group, but member of other users. It is also possible to have the one user as the only member of his own group, and have something like xxxx------ for that group, with the icon xxxxr----- or xxxx--x---.
This seems to me to be simple and easy, with no possibility of getting around the restriction, and easily changeable.
I am used to a different notation. Here are the corresponding notations.
I like your approach thorkelljarl but I don't know how to set permissions for everything for a specific user, maybe I'm just thinking about it differently.
If you were going to give the user lab read and execute permissions only for everything on the drive, what command would you use?
I actually ended up downloading gconf-editor and removing all the desktop icons. I removed all panels except the bottom one, and removed all buttons/applets from it. I added logoff and a custom launcher that links to rdesktop.
You could create a group, for example, "notmuch" with one member/user "notmuch" with the command useradd, giving "notmuch" its own login and password and its own /home. Boot as "notmuch" and make any changes, leaving "notmuch" as you want it.
Use chmod to change the permission of "notmuch" /home so that only the the owner may read or execute, that is ?r-------- or ?--x------, depending on which is needed. What the first sign (?) should be is the sign identifying the link, perhaps -.
The system is will still be open to root, and to other "users and groups and others" as it was configured before introducing "notmuch" Other users can boot the system and use chmod as root to modify the permission of "notmuch" /home to (?)rwx------ or whatever is needed, and as "notmuch" or root manage the "notmuch" user.
Sorry for the delay, but I had to think a bit and clarify the terminology for myself, since I have all this as a GUI and am a single user on a home system trying to play system administrator.
Please read the appropriate man pages beforehand, and report back what worked and how. Good Luck
This last proposal is in continuation of the approach in my first post. Please disregard the details of Yesterday 12:55. I was trying to reinvent the wheel, or rather the structure and administration of user accounts.
Last edited by thorkelljarl; 02-18-2009 at 10:46 AM.
I'd personally scrap using a Desktop Environment for this user. KDE or Gnome don't really seem necessary and you could easily get away with simply launching rdesktop directly when X starts. If you still wanted the icon you could use a light window manager, maybe XFCE even. I'm not sure if I missed your purpose above, but if you simply want the app to launch when a user logs in, and then have the session restart when they are done, doing an automatic launch would seem to fit the purpose better.
In a .xinitrc file would seem like a good option. Launch it full screen in a standalone X session and all they can do is kill X and that will simply restart their session. Not a lot of room for them to play around with other things on the system.
My first thought is that the user nobody is designed to be just that, not a real user. No home directory, no permissions aside from the limited reason the user exists, no shell, etc. With all of this, I don't think it would be ideal to tweak the user to conform to a normal user (albeit limited) that would have a home directory from which certain variables would be declared and temp files written to allow them to start X and run rdesktop. Instead creating a separate similar user, but with slightly more resources on the system (a home directory and maybe a restricted shell) seems to me a more secure option.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.