• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 669
  • Last Modified:

Limited access to user group

Hallo all

I have a think client.. all have access to resources stored
in the server via a remote application.

I need to create a group in Ubuntu server.
and assigned the individual users of the client to this group.

This group should have access only to applications that are assigned to the group.
How can I create this group and assign the respective applications to them.
And also assigned the individual users to this group.
A script or tutorial will be appreciated..

Thanks in Advance.
  • 4
  • 3
1 Solution
Daniel HelgenbergerCommented:
As usual there are several ways to achieve this. Right now I can think of an approach using sudo or filesystem permissions.  Both only works if your remote access users do not have root rights and are accessing these applications only on the local system.

The cleaner way is using POSIX permissions. You need to collect the applications the group has access to in a one folder. If this is not possible, you will need to modify the access rights individually.
#example: all software installed in /opt/restricted; example group 'workers', example user 'jim'
#add the group
groupadd workers
#add jim to workers, do that for all the users
usermod -aG workers jim
#change the owner and access permissions of the root path
chown root:workers /opt/restricted
chmod 750 /opt/restricted

Open in new window

This example works by denying all regular (=non root) users not member of 'workers' access to the root folder.
Now put all your applications in this directory.

Does this help?
Note: you can have a more fine grained list allowing several groups using access control lists (ACL's)
ZURINETAuthor Commented:
Hi Daniel..

Thanks for your input..  I am a  window guy.. but did some Linux tiwcking in my Uni time..

Is there any applicaiton that can help me achive this..  Regarding the ACL how can I access this? is there any application guideline somewhere. ?

I also need to give them access to printing.. if all the application are not in  a single folder.. is there a way to move all the needed apps to a single folder. Or I need to grant or deny access to all the affected apps individually.?

Thanks in Advance
Daniel HelgenbergerCommented:

please allow me some questions then:
- Window guy refers you only know 'windows' or you rather like using applications with a GUI?
- What kind of applications are you talking about, some default Ubuntu? Self compiled? Did you install them?
- Do you use a directory server of some kind (active directory) to manage uses?
- Does it maybe suffice to remove the desktop entry for that application (users will still be able to start an application using the shell)
WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

ZURINETAuthor Commented:
I have an Ubuntu http://www.ubuntu.com/desktop installed.
I know how to scrtipt in Linux and Unix system.. but prefer.. GUI if available .

The application incldues Web browser (Firefox, Opera and Crome).. also a time management application..
The system is for Educational pourpose.. (I have one desktop install , the rest of the thin client access resources in the system via (Ncomputing: vspace-l_3.1.3-r7613_ubuntu-10.04_i686_Install_1st.deb) This has been installed aready and its working.

I don't have any directory server.. this is a standalone system.

User can only start appliction via apps. .. Most of the users are not expericence with computer.. They just need to access web browser.. or educational application..

Hope I have answered your questions

Thanks in advance
Daniel HelgenbergerCommented:
Ok, then it is the other way around; you want to block all applications and allow only some?

This is called kiosk. For the setup to be secure it takes some configuration steps:

An easier way would be /usr/share/applications

if you move all the *.desktop files to another location, like ~./local/share/applications - only your user will have desktop access to them. I consider this as still sufficiently safe if the users are regular.
ZURINETAuthor Commented:
Thanks for the tip.. :-) Will give it a try as soon as i get home

Just one last question..?  Do you know of any Linux based time management System for Cyber caffe or Internet cafe.. or HotSpot..

Thanks in Advance
Daniel HelgenbergerCommented:
Do you know of any Linux based time management System for Cyber caffe or Internet cafe.. or HotSpot.

I think this should be moved to another question. Also, I am not sure what you mean exactly?
If you want a hot spot, there are appliance firewalls combined with captive portals. They normally feature all you need.

My favorite, pfSense:

A very cool thing, if you have not more then 25 ip's to route, Sophos UTM9:
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now