Re: [Ltsp-discuss] Intreface graphical

Tue, 16 Apr 2002 09:43:32 -0700 

Il giorno Mon, 15 Apr 2002, rob cos� ha scritto:

|From: rob <[EMAIL PROTECTED]>
|To: [EMAIL PROTECTED], [EMAIL PROTECTED]
|Date: Mon, 15 Apr 2002 12:35:26 -0400
|Subject: Re: [Ltsp-discuss] Intreface graphical
|
|> Finally, how can I block services for different workstations? I mean, 
|> station A can use only Netscape, station B can use only text editor, etc...
|
|These are the two methods that come to mind...like everything else in linux, there 
|are a hundred other ways to accomplish the same task.
|
|One method would be to diplay in a user's menu only those apps that you wish them to 
|run. This is accomplished differently for each different WindowManager (which one are 
|you using?). This method is fairly easy to maintain. However, this does not prevent a 
|user from opening a shell and typing 'netscape' or whatever to run the app unless of 
|course you don't give them a shell menu option.
|
|You could create one or more groups and change ownership and permissions of the 
|various apps so that only users in the group can run the app.
|For example, if you wanted to limit who could run 'netscape':
|1. Create a group called 'netscape' or 'station_a' or whatever
|2. change group ownership of /usr/bin/netscape chgrp groupname /usr/bin/netscape
|3. Change permissions of /usr/bin/netscape: chmod 754 /usr/bin/netscape
|4. Add users to the group that need to run the app
|This way becomes a huge adminstrative task if you have alot of apps to lock down but 
|with some thought, you could figure out a quick/easy way to do it.
|
|cheers,
|rob

  Maybe the use of a restricted shell should be considered.  See man 1 rbash,
for instance.  If you don't have rbash, just create a symlink to bash:

# ln -s /bin/bash /bin/rbash

  Then, the restricted user should have rbash as he's login shell:

# usermod -s /bin/rbash restricted_user

  The restricted shell can be used in conjunction with the "enable" and
"enable -n" commands in the restricted user's ~/.bash_profile to enable and
disable the shell's builtin commands.




  Sandro



-- 
Bellum se ipsum alet.
       La guerra nutre se stessa.

Livio, "Ab urbe condita", XXXIV,9


_____________________________________________________________________
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
      https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.openprojects.net

Reply via email to