How do I restrict a particular user to use only XFCE?
Slackware - InstallationThis forum is for the discussion of installation issues with Slackware.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
How do I restrict a particular user to use only XFCE?
Hello,
I want to restrict a particular user on my system to use only XFCE. I do not want him to select any other session in GDM. How do I do this in Slack 10.1?
I don't know about the GDM, but even configuring that probably wouldn't stop them, because they could just run that WM from the shell. you could remove all their permissions to the binaries that start the other window managers e.g.
Code:
useradd user # create "user"
groupadd group # create "group"
gpasswd -a user group # add "user" to "group"
chown :group /usr/bin/gnome-session # set /usr/bin/gnome-session's group to "group"
chmod g= /usr/bin/gnome-session # remove "group" permissions to start gnome
theres probably an easier way to do this but I am still a noob, so this is all I can come up with.
EDIT: hey it made a scrollbar on the code.. I didn't know it did that.. cool.
Last edited by Ynot Irucrem; 05-21-2005 at 01:58 PM.
yeah, but it probably wont change the GDM menu (unless its smart and checks permissions), so if they choose another window manager, they will get an ugly permissions error. also I don't know if this is the best way to set up the permissions, im still learning about permissions and groups etc. what would you do if you needed 4 ppl to have different perms to the same file? cuz theres only 3 things: user, group and others.
EDIT: wait, "could" do it that way? wouldn't blocking their permission to it be the only way?
Last edited by Ynot Irucrem; 05-21-2005 at 02:19 PM.
Since you are using a Slackware based distro, a PAM solution would not work. I think you may need to change one of scripts which is used during x-windows startup or during login to check the UID number of the user and conditionally set the $DESKTOP variable. Because you want to do this for only one user, I don't think simply setting permissions would work. The commands would be used by the other users, so the 'other' permission bit would need to be set. This means that you can't restrict the permissions to this one user without effecting all of the others.
Here's what I did after installing blackbox-0.70.0. Blackbox-0.70.0 installs to a different directory than blackbox-0.65.0, so I had to figure out how to get 0.70 to start instead of 0.65.
as root:
# cd /home/*username*
open '/.xinitrc' with your favorite text editor
go to the bottom and change:
Code:
# Start the window manager:
exec /full/path/to/windowmanager
And that should take care of it.
And if you don't want the user to mess with the file, do 'chown root ./.xinitrc' and 'chgrp root ./.xinitrc' to keep them from messing with it. I think that covers it. Any other questions ask. Either I or somene else can answer them.
Placing an appropriate .xsession file in the users hoke directory seems to do what you want with wdm, and might with gdm.
The display manager menu is system-level so you can't change it for just one user. But an .xsession, .Xsession or .Xclients file in $HOME may override or intervene choices made from the menu.
I want to restrict a particular user on my system to use only XFCE. I do not want him to select any other session in GDM. How do I do this in Slack 10.1?
Thanks for your help,
Anand
I do not think if it is possible to really prevent this. All solutions I have read from the previous posts can be bypassed. For exemple if gnome-session is not executable, the user can copy all of gnome in its home directory make it executable and launch it from a xsession file (this necessitate to adjust some environement varibales). Perhaps the most secure way would be to path the Xsession file launched by gdm and to remoive the suid bit of X to prevent the user from launching another session from the console.
But even in this case i do see what could prevent this user, once in xfce to lauch whatever he want from it.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.