Solved

Limited access to user group

Posted on 2014-03-23
7
627 Views
Last Modified: 2014-03-24
Hallo all

I have a think client.. all have access to resources stored
in the server via a remote application.

I need to create a group in Ubuntu server.
and assigned the individual users of the client to this group.

This group should have access only to applications that are assigned to the group.
How can I create this group and assign the respective applications to them.
And also assigned the individual users to this group.
A script or tutorial will be appreciated..

Thanks in Advance.
0
Comment
Question by:ZURINET
  • 4
  • 3
7 Comments
 
LVL 13

Expert Comment

by:Daniel Helgenberger
Comment Utility
As usual there are several ways to achieve this. Right now I can think of an approach using sudo or filesystem permissions.  Both only works if your remote access users do not have root rights and are accessing these applications only on the local system.

The cleaner way is using POSIX permissions. You need to collect the applications the group has access to in a one folder. If this is not possible, you will need to modify the access rights individually.
#example: all software installed in /opt/restricted; example group 'workers', example user 'jim'
#add the group
groupadd workers
#add jim to workers, do that for all the users
usermod -aG workers jim
#change the owner and access permissions of the root path
chown root:workers /opt/restricted
chmod 750 /opt/restricted

Open in new window

This example works by denying all regular (=non root) users not member of 'workers' access to the root folder.
Now put all your applications in this directory.

Does this help?
Note: you can have a more fine grained list allowing several groups using access control lists (ACL's)
0
 

Author Comment

by:ZURINET
Comment Utility
Hi Daniel..

Thanks for your input..  I am a  window guy.. but did some Linux tiwcking in my Uni time..

Is there any applicaiton that can help me achive this..  Regarding the ACL how can I access this? is there any application guideline somewhere. ?

I also need to give them access to printing.. if all the application are not in  a single folder.. is there a way to move all the needed apps to a single folder. Or I need to grant or deny access to all the affected apps individually.?

Thanks in Advance
0
 
LVL 13

Expert Comment

by:Daniel Helgenberger
Comment Utility
Hello,

please allow me some questions then:
- Window guy refers you only know 'windows' or you rather like using applications with a GUI?
- What kind of applications are you talking about, some default Ubuntu? Self compiled? Did you install them?
- Do you use a directory server of some kind (active directory) to manage uses?
- Does it maybe suffice to remove the desktop entry for that application (users will still be able to start an application using the shell)
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 

Author Comment

by:ZURINET
Comment Utility
I have an Ubuntu http://www.ubuntu.com/desktop installed.
I know how to scrtipt in Linux and Unix system.. but prefer.. GUI if available .

The application incldues Web browser (Firefox, Opera and Crome).. also a time management application..
The system is for Educational pourpose.. (I have one desktop install , the rest of the thin client access resources in the system via (Ncomputing: vspace-l_3.1.3-r7613_ubuntu-10.04_i686_Install_1st.deb) This has been installed aready and its working.

I don't have any directory server.. this is a standalone system.

User can only start appliction via apps. .. Most of the users are not expericence with computer.. They just need to access web browser.. or educational application..

Hope I have answered your questions

Thanks in advance
0
 
LVL 13

Accepted Solution

by:
Daniel Helgenberger earned 500 total points
Comment Utility
Ok, then it is the other way around; you want to block all applications and allow only some?

This is called kiosk. For the setup to be secure it takes some configuration steps:
http://m.instructables.com/id/Setting-Up-Ubuntu-as-a-Kiosk-Web-Appliance/all/

An easier way would be /usr/share/applications

if you move all the *.desktop files to another location, like ~./local/share/applications - only your user will have desktop access to them. I consider this as still sufficiently safe if the users are regular.
0
 

Author Comment

by:ZURINET
Comment Utility
Hi
Thanks for the tip.. :-) Will give it a try as soon as i get home

Just one last question..?  Do you know of any Linux based time management System for Cyber caffe or Internet cafe.. or HotSpot..

Thanks in Advance
0
 
LVL 13

Expert Comment

by:Daniel Helgenberger
Comment Utility
Do you know of any Linux based time management System for Cyber caffe or Internet cafe.. or HotSpot.

I think this should be moved to another question. Also, I am not sure what you mean exactly?
If you want a hot spot, there are appliance firewalls combined with captive portals. They normally feature all you need.

My favorite, pfSense:
http://pfsense.org

A very cool thing, if you have not more then 25 ip's to route, Sophos UTM9:
http://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now