?
Solved

Limited access to user group

Posted on 2014-03-23
7
Medium Priority
?
650 Views
Last Modified: 2014-03-24
Hallo all

I have a think client.. all have access to resources stored
in the server via a remote application.

I need to create a group in Ubuntu server.
and assigned the individual users of the client to this group.

This group should have access only to applications that are assigned to the group.
How can I create this group and assign the respective applications to them.
And also assigned the individual users to this group.
A script or tutorial will be appreciated..

Thanks in Advance.
0
Comment
Question by:ZURINET
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 13

Expert Comment

by:Daniel Helgenberger
ID: 39949691
As usual there are several ways to achieve this. Right now I can think of an approach using sudo or filesystem permissions.  Both only works if your remote access users do not have root rights and are accessing these applications only on the local system.

The cleaner way is using POSIX permissions. You need to collect the applications the group has access to in a one folder. If this is not possible, you will need to modify the access rights individually.
#example: all software installed in /opt/restricted; example group 'workers', example user 'jim'
#add the group
groupadd workers
#add jim to workers, do that for all the users
usermod -aG workers jim
#change the owner and access permissions of the root path
chown root:workers /opt/restricted
chmod 750 /opt/restricted

Open in new window

This example works by denying all regular (=non root) users not member of 'workers' access to the root folder.
Now put all your applications in this directory.

Does this help?
Note: you can have a more fine grained list allowing several groups using access control lists (ACL's)
0
 

Author Comment

by:ZURINET
ID: 39949695
Hi Daniel..

Thanks for your input..  I am a  window guy.. but did some Linux tiwcking in my Uni time..

Is there any applicaiton that can help me achive this..  Regarding the ACL how can I access this? is there any application guideline somewhere. ?

I also need to give them access to printing.. if all the application are not in  a single folder.. is there a way to move all the needed apps to a single folder. Or I need to grant or deny access to all the affected apps individually.?

Thanks in Advance
0
 
LVL 13

Expert Comment

by:Daniel Helgenberger
ID: 39949717
Hello,

please allow me some questions then:
- Window guy refers you only know 'windows' or you rather like using applications with a GUI?
- What kind of applications are you talking about, some default Ubuntu? Self compiled? Did you install them?
- Do you use a directory server of some kind (active directory) to manage uses?
- Does it maybe suffice to remove the desktop entry for that application (users will still be able to start an application using the shell)
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 

Author Comment

by:ZURINET
ID: 39949741
I have an Ubuntu http://www.ubuntu.com/desktop installed.
I know how to scrtipt in Linux and Unix system.. but prefer.. GUI if available .

The application incldues Web browser (Firefox, Opera and Crome).. also a time management application..
The system is for Educational pourpose.. (I have one desktop install , the rest of the thin client access resources in the system via (Ncomputing: vspace-l_3.1.3-r7613_ubuntu-10.04_i686_Install_1st.deb) This has been installed aready and its working.

I don't have any directory server.. this is a standalone system.

User can only start appliction via apps. .. Most of the users are not expericence with computer.. They just need to access web browser.. or educational application..

Hope I have answered your questions

Thanks in advance
0
 
LVL 13

Accepted Solution

by:
Daniel Helgenberger earned 2000 total points
ID: 39949760
Ok, then it is the other way around; you want to block all applications and allow only some?

This is called kiosk. For the setup to be secure it takes some configuration steps:
http://m.instructables.com/id/Setting-Up-Ubuntu-as-a-Kiosk-Web-Appliance/all/

An easier way would be /usr/share/applications

if you move all the *.desktop files to another location, like ~./local/share/applications - only your user will have desktop access to them. I consider this as still sufficiently safe if the users are regular.
0
 

Author Comment

by:ZURINET
ID: 39950086
Hi
Thanks for the tip.. :-) Will give it a try as soon as i get home

Just one last question..?  Do you know of any Linux based time management System for Cyber caffe or Internet cafe.. or HotSpot..

Thanks in Advance
0
 
LVL 13

Expert Comment

by:Daniel Helgenberger
ID: 39950413
Do you know of any Linux based time management System for Cyber caffe or Internet cafe.. or HotSpot.

I think this should be moved to another question. Also, I am not sure what you mean exactly?
If you want a hot spot, there are appliance firewalls combined with captive portals. They normally feature all you need.

My favorite, pfSense:
http://pfsense.org

A very cool thing, if you have not more then 25 ip's to route, Sophos UTM9:
http://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses
Course of the Month12 days, left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question