LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 10-06-2003, 06:50 PM   #1
FreakboY
Member
 
Registered: Jun 2002
Location: TX, USA
Distribution: Slackware
Posts: 385

Rep: Reputation: 32
How to prevent user from using other apps!??


Dear all,

I want to set up my home linux box, red hat 9.0
to only open programs on the desktop this,
preventing the user from changing wallpaper or
other customisation settings on the box, or opening
other programs not in the desktop!

is there a way to do this!??

Regards,
Fernie...
 
Old 10-07-2003, 06:44 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
preventing the user from changing wallpaper or other customisation settings on the box,
If you're running Ext2/3fs you could set the immutable bit on all user config files else make them owned by a dummy user and only readable to all. Else have them loaded from a readonly hd or else a ramdisk.

to only open programs on the desktop this,
or opening other programs not in the desktop!

The "desktop" is just a concept of a workplace and has no effect on how tools are organised beneath it. Restricting access to applications depends on what you allow them to use exactly, what the impact is on the system/network, what authorization is needed to run them, and if there are any loopholes involved (an easy example being su'ing to run something owned by a privileged user that allows the user to escape to a shell).

Please give some examples of what they should be able to run and a few of what not.
 
Old 10-09-2003, 12:46 AM   #3
FreakboY
Member
 
Registered: Jun 2002
Location: TX, USA
Distribution: Slackware
Posts: 385

Original Poster
Rep: Reputation: 32
i want to restrict everything but i want to allow access to

1. One Specific Directory
*so they can store their documents and pictures
2. CrossOver Office 2.0.1 & CrossOver Plugin 2.0.2
*so they can work with Microsoft Office Suite!
3. All Games
* All games installed on the machine including Q3, etc!
4. Mozilla
*so they can surf the net!
5. CorelDraw 11
* so they can do vector graphics!
6. XMMS
* so they can play music!
7. Kylix
* so they can program!

this all i need running on my box!
anything else i just want to block!

thanks for your help!
 
Old 10-09-2003, 03:39 AM   #4
iainr
Member
 
Registered: Nov 2002
Location: England
Distribution: Ubuntu 9.04
Posts: 631

Rep: Reputation: 30
Here are a few ideas; its not perfect and depends on exactly what you are trying to achieve

1. Create a new directory. Copy or link the apps you want people to run into that directory. Then put the directory in their PATH, don't put other directories in the PATH and don't allow the user to amend the PATH variable. Of course, a user can still call other apps if they know where they are.

2. Set up a chroot environment for your users with just the apps you want. This should work OK but is fairly complex to do right.

3. Remove execute permissions for the users on apps you don't want them to run. This will work, but there is probably a lot more they can't run than they can run so will be a real pain to implement and maintain.

4. If your users use KDE, you can use the kiosk mode features to prevent them from changing wallpaper and pretty much anything else you want to lock. At the moment this involves hacking the files (I think in KDE 3.2 there is a gui interface).

Iain
 
Old 09-08-2005, 04:22 AM   #5
kb_ganesh
Member
 
Registered: Jun 2005
Posts: 42

Rep: Reputation: 15
Quote:
preventing the user from changing wallpaper or other customisation settings on the box
i quite dint get what unSpawn's reply was to this question...especially the user config files part..if someone can explain it a bit more to me, i will be very thankful
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to prevent KDM from displaying the last user logged in smithtodda SUSE / openSUSE 4 05-23-2005 07:57 PM
how to prevent mdk10/kde from launching apps at bootup? webazoid Linux - Software 1 08-02-2004 01:13 AM
Prevent user from accessing the Internet koy-b Linux - Security 2 07-17-2004 12:17 PM
Prevent a user from logging into X? sorrodos Linux - Security 6 06-26-2004 03:30 PM
Running apps under another user Vlackmar Linux - General 1 03-06-2002 02:25 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:24 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration