• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 665
  • Last Modified:

Limited access to user group

Hallo all

I have a think client.. all have access to resources stored
in the server via a remote application.

I need to create a group in Ubuntu server.
and assigned the individual users of the client to this group.

This group should have access only to applications that are assigned to the group.
How can I create this group and assign the respective applications to them.
And also assigned the individual users to this group.
A script or tutorial will be appreciated..

Thanks in Advance.
0
ZURINET
Asked:
ZURINET
  • 4
  • 3
1 Solution
 
Daniel HelgenbergerCommented:
As usual there are several ways to achieve this. Right now I can think of an approach using sudo or filesystem permissions.  Both only works if your remote access users do not have root rights and are accessing these applications only on the local system.

The cleaner way is using POSIX permissions. You need to collect the applications the group has access to in a one folder. If this is not possible, you will need to modify the access rights individually.
#example: all software installed in /opt/restricted; example group 'workers', example user 'jim'
#add the group
groupadd workers
#add jim to workers, do that for all the users
usermod -aG workers jim
#change the owner and access permissions of the root path
chown root:workers /opt/restricted
chmod 750 /opt/restricted

Open in new window

This example works by denying all regular (=non root) users not member of 'workers' access to the root folder.
Now put all your applications in this directory.

Does this help?
Note: you can have a more fine grained list allowing several groups using access control lists (ACL's)
0
 
ZURINETAuthor Commented:
Hi Daniel..

Thanks for your input..  I am a  window guy.. but did some Linux tiwcking in my Uni time..

Is there any applicaiton that can help me achive this..  Regarding the ACL how can I access this? is there any application guideline somewhere. ?

I also need to give them access to printing.. if all the application are not in  a single folder.. is there a way to move all the needed apps to a single folder. Or I need to grant or deny access to all the affected apps individually.?

Thanks in Advance
0
 
Daniel HelgenbergerCommented:
Hello,

please allow me some questions then:
- Window guy refers you only know 'windows' or you rather like using applications with a GUI?
- What kind of applications are you talking about, some default Ubuntu? Self compiled? Did you install them?
- Do you use a directory server of some kind (active directory) to manage uses?
- Does it maybe suffice to remove the desktop entry for that application (users will still be able to start an application using the shell)
0
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

 
ZURINETAuthor Commented:
I have an Ubuntu http://www.ubuntu.com/desktop installed.
I know how to scrtipt in Linux and Unix system.. but prefer.. GUI if available .

The application incldues Web browser (Firefox, Opera and Crome).. also a time management application..
The system is for Educational pourpose.. (I have one desktop install , the rest of the thin client access resources in the system via (Ncomputing: vspace-l_3.1.3-r7613_ubuntu-10.04_i686_Install_1st.deb) This has been installed aready and its working.

I don't have any directory server.. this is a standalone system.

User can only start appliction via apps. .. Most of the users are not expericence with computer.. They just need to access web browser.. or educational application..

Hope I have answered your questions

Thanks in advance
0
 
Daniel HelgenbergerCommented:
Ok, then it is the other way around; you want to block all applications and allow only some?

This is called kiosk. For the setup to be secure it takes some configuration steps:
http://m.instructables.com/id/Setting-Up-Ubuntu-as-a-Kiosk-Web-Appliance/all/

An easier way would be /usr/share/applications

if you move all the *.desktop files to another location, like ~./local/share/applications - only your user will have desktop access to them. I consider this as still sufficiently safe if the users are regular.
0
 
ZURINETAuthor Commented:
Hi
Thanks for the tip.. :-) Will give it a try as soon as i get home

Just one last question..?  Do you know of any Linux based time management System for Cyber caffe or Internet cafe.. or HotSpot..

Thanks in Advance
0
 
Daniel HelgenbergerCommented:
Do you know of any Linux based time management System for Cyber caffe or Internet cafe.. or HotSpot.

I think this should be moved to another question. Also, I am not sure what you mean exactly?
If you want a hot spot, there are appliance firewalls combined with captive portals. They normally feature all you need.

My favorite, pfSense:
http://pfsense.org

A very cool thing, if you have not more then 25 ip's to route, Sophos UTM9:
http://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now