Solved

Limited access to user group

Posted on 2014-03-23
7
639 Views
Last Modified: 2014-03-24
Hallo all

I have a think client.. all have access to resources stored
in the server via a remote application.

I need to create a group in Ubuntu server.
and assigned the individual users of the client to this group.

This group should have access only to applications that are assigned to the group.
How can I create this group and assign the respective applications to them.
And also assigned the individual users to this group.
A script or tutorial will be appreciated..

Thanks in Advance.
0
Comment
Question by:ZURINET
  • 4
  • 3
7 Comments
 
LVL 13

Expert Comment

by:Daniel Helgenberger
ID: 39949691
As usual there are several ways to achieve this. Right now I can think of an approach using sudo or filesystem permissions.  Both only works if your remote access users do not have root rights and are accessing these applications only on the local system.

The cleaner way is using POSIX permissions. You need to collect the applications the group has access to in a one folder. If this is not possible, you will need to modify the access rights individually.
#example: all software installed in /opt/restricted; example group 'workers', example user 'jim'
#add the group
groupadd workers
#add jim to workers, do that for all the users
usermod -aG workers jim
#change the owner and access permissions of the root path
chown root:workers /opt/restricted
chmod 750 /opt/restricted

Open in new window

This example works by denying all regular (=non root) users not member of 'workers' access to the root folder.
Now put all your applications in this directory.

Does this help?
Note: you can have a more fine grained list allowing several groups using access control lists (ACL's)
0
 

Author Comment

by:ZURINET
ID: 39949695
Hi Daniel..

Thanks for your input..  I am a  window guy.. but did some Linux tiwcking in my Uni time..

Is there any applicaiton that can help me achive this..  Regarding the ACL how can I access this? is there any application guideline somewhere. ?

I also need to give them access to printing.. if all the application are not in  a single folder.. is there a way to move all the needed apps to a single folder. Or I need to grant or deny access to all the affected apps individually.?

Thanks in Advance
0
 
LVL 13

Expert Comment

by:Daniel Helgenberger
ID: 39949717
Hello,

please allow me some questions then:
- Window guy refers you only know 'windows' or you rather like using applications with a GUI?
- What kind of applications are you talking about, some default Ubuntu? Self compiled? Did you install them?
- Do you use a directory server of some kind (active directory) to manage uses?
- Does it maybe suffice to remove the desktop entry for that application (users will still be able to start an application using the shell)
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:ZURINET
ID: 39949741
I have an Ubuntu http://www.ubuntu.com/desktop installed.
I know how to scrtipt in Linux and Unix system.. but prefer.. GUI if available .

The application incldues Web browser (Firefox, Opera and Crome).. also a time management application..
The system is for Educational pourpose.. (I have one desktop install , the rest of the thin client access resources in the system via (Ncomputing: vspace-l_3.1.3-r7613_ubuntu-10.04_i686_Install_1st.deb) This has been installed aready and its working.

I don't have any directory server.. this is a standalone system.

User can only start appliction via apps. .. Most of the users are not expericence with computer.. They just need to access web browser.. or educational application..

Hope I have answered your questions

Thanks in advance
0
 
LVL 13

Accepted Solution

by:
Daniel Helgenberger earned 500 total points
ID: 39949760
Ok, then it is the other way around; you want to block all applications and allow only some?

This is called kiosk. For the setup to be secure it takes some configuration steps:
http://m.instructables.com/id/Setting-Up-Ubuntu-as-a-Kiosk-Web-Appliance/all/

An easier way would be /usr/share/applications

if you move all the *.desktop files to another location, like ~./local/share/applications - only your user will have desktop access to them. I consider this as still sufficiently safe if the users are regular.
0
 

Author Comment

by:ZURINET
ID: 39950086
Hi
Thanks for the tip.. :-) Will give it a try as soon as i get home

Just one last question..?  Do you know of any Linux based time management System for Cyber caffe or Internet cafe.. or HotSpot..

Thanks in Advance
0
 
LVL 13

Expert Comment

by:Daniel Helgenberger
ID: 39950413
Do you know of any Linux based time management System for Cyber caffe or Internet cafe.. or HotSpot.

I think this should be moved to another question. Also, I am not sure what you mean exactly?
If you want a hot spot, there are appliance firewalls combined with captive portals. They normally feature all you need.

My favorite, pfSense:
http://pfsense.org

A very cool thing, if you have not more then 25 ip's to route, Sophos UTM9:
http://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx
0

Featured Post

Don't miss ATEN at NAB Show April 24-27!

Visit ATEN at NAB Show to learn how our "Seamlessly Entertaining" solutions deliver fast, precise video streaming without delays for the broadcasting and media environment. ATEN will showcase its 16x16 Modular Matrix Switch (VM1600) and KVM Over IP Solution (KE6900 series).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Over the last ten+ years I have seen Linux configuration tools come and go. In the early days there was the tried-and-true, all-powerful linuxconf that many thought would remain the one and only Linux configuration tool until the end of times. Well,…
I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question