Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I want to set up my home Linux box, Red Hat 9.0, to only open programs on the desktop this, preventing the user from changing wallpaper or other customisation settings on the box, or opening other programs not in the desktop!
preventing the user from changing wallpaper or other customisation settings on the box,
If you're running Ext2/3fs you could set the immutable bit on all user config files, else make them owned by a dummy user and only readable to all. Else have them loaded from a read-only HD or else a ramdisk.
to only open programs on the desktop this,
or opening other programs not in the desktop!
The "desktop" is just a concept of a workplace and has no effect on how tools are organised beneath it. Restricting access to applications depends on what you allow them to use exactly, what the impact is on the system/network, what authorization is needed to run them, and if there are any loopholes involved (an easy example being su'ing to run something owned by a privileged user that allows the user to escape to a shell).
Please give some examples of what they should be able to run and a few of what not.
I want to restrict everything but I want to allow access to
1. One Specific Directory
* so they can store their documents and pictures
2. CrossOver Office 2.0.1 & CrossOver Plugin 2.0.2
* so they can work with Microsoft Office Suite!
3. All Games
* All games installed on the machine including Q3, etc!
4. Mozilla
* so they can surf the net!
5. CorelDraw 11
* so they can do vector graphics!
6. XMMS
* so they can play music!
7. Kylix
* so they can program!
This is all I need running on my box!
Anything else I just want to block!
Here are a few ideas; it's not perfect and depends on exactly what you are trying to achieve.
1. Create a new directory. Copy or link the apps you want people to run into that directory. Then put the directory in their PATH, don't put other directories in the PATH and don't allow the user to amend the PATH variable. Of course, a user can still call other apps if they know where they are.
2. Set up a chroot environment for your users with just the apps you want. This should work OK but is fairly complex to do right.
3. Remove execute permissions for the users on apps you don't want them to run. This will work, but there is probably a lot more they can't run than they can run so will be a real pain to implement and maintain.
4. If your users use KDE, you can use the kiosk mode features to prevent them from changing wallpaper and pretty much anything else you want to lock. At the moment this involves hacking the files (I think in KDE 3.2 there is a GUI interface).
preventing the user from changing wallpaper or other customisation settings on the box
I quite didn't get what unSpawn's reply was to this question... especially the user config files part. If someone can explain it a bit more to me, I will be very thankful.
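An added illustration of the config-file suggestion discussed in this thread (not code from any of the posters): a read-only config file sitting in a directory the user owns can still be deleted and recreated, which is the gap the immutable bit closes. The function name `config_lock_status` and its four status words are made up for this example; it assumes GNU `stat`, and uses `lsattr` when available.

```shell
#!/bin/sh
# Added example: can USER still change config FILE despite a "read-only" setup?
# Assumptions: GNU stat; lsattr (e2fsprogs) is optional. Group membership and
# ACLs are ignored, so any group/other write bit is treated as write access.

config_lock_status() {
    f=$1; user=$2
    dir=$(dirname -- "$f")

    # Immutable bit (chattr +i on ext2/3): nobody can write, rename or
    # delete the file until root clears the flag.
    attrs=$(lsattr -d -- "$f" 2>/dev/null) || attrs=""
    case ${attrs%% *} in
        *i*) echo immutable; return 0 ;;
    esac

    # The owner can chmod the file back; g/o write bits allow direct edits.
    f_owner=$(stat -c %U -- "$f"); f_mode=$(stat -c %a -- "$f")
    if [ "$f_owner" = "$user" ] || [ $(( 0$f_mode & 022 )) -ne 0 ]; then
        echo writable; return 0
    fi

    # A read-only file in a directory the user controls can be deleted or
    # renamed and recreated. Sticky directories restrict that to owners.
    d_owner=$(stat -c %U -- "$dir"); d_mode=$(stat -c %a -- "$dir")
    if [ "$d_owner" = "$user" ]; then
        echo replaceable; return 0
    fi
    if [ $(( 0$d_mode & 022 )) -ne 0 ] && [ $(( 0$d_mode & 01000 )) -eq 0 ]; then
        echo replaceable; return 0
    fi
    echo locked
}

# Usage: sh lockcheck.sh FILE USER   (script name and arguments are hypothetical)
if [ "$#" -eq 2 ]; then
    config_lock_status "$1" "$2"
fi
```

A result of `replaceable` means the "owned by a dummy user and only readable" approach is not enough for that file on its own; `immutable` or `locked` means the user cannot alter it through ordinary file permissions.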