qeldroma
Posted July 27, 2004

Hi again,

I want to add an LM10 user that is VERY secure for me, which means that he/she shouldn't be allowed to do anything but use the applications from the menus. Additionally, this user should not be able to view the filesystem above his home. I thought about removing the read and execute rights for "others" from all files, but I am pretty sure that I will break my system with this method, so I am asking what you have done....

Greets,
qeldroma

devries
Posted July 27, 2004 (edited)

KDE has a kiosk mode. Don't know about Gnome but I guess they will have something similar. Good luck

http://extragear.kde.org/apps/kiosktool.php

Edited July 27, 2004 by devries

theYinYeti
Posted July 28, 2004 (edited)

The first thing to do is to make this user with its own primary group (probably named the same as the login). That way, you're sure it'll fall into the "other" category.

You can already remove write access for this user by executing something like (# is root's prompt):

    # cd /
    # /bin/ls | grep -vFx proc | grep -vFx dev | xargs chmod -R o-w

Then there remains the problem of visibility. You have to know that in Unix (so in Linux too), there is a difference between seeing the content of a directory (r), and crossing (x) the directory down to a sub-directory.

Make the list of directories that your user needs. For this post, I'll assume the list is as follows:

- /bin, /etc, /home/<login>, /lib, /tmp, /var/spool/mail (this one can be removed by running a POP server),
- /usr/bin, /usr/etc, /usr/lib, /usr/man, /usr/share,
- /usr/local/bin, /usr/local/etc, /usr/local/lib, /usr/local/man, /usr/local/share

I would try that (msec may hinder you):

    # cd /
    # find . \( -name proc -o -name dev \) -prune -o -type d -print0 | xargs -0 chmod o-r

And for directories that this user needs (example with list above):

    # for direc in /bin /etc /home/<login> /lib /tmp /var/spool/mail /usr/bin /usr/etc /usr/lib /usr/man /usr/share /usr/local/bin /usr/local/etc /usr/local/lib /usr/local/man /usr/local/share; do find "$direc" -type d -exec chmod o+r {} \; ; done

Now your user should be able to see the content of directories only for those that he needs. But the directories themselves are still visible (e.g. /sbin is visible, even though its content is not).

The only way I know for completely hiding directories without removing them, and without removing access to them, is gobohide. I haven't tried it yet, though I intend to. You can find it at gobolinux.org. It requires that you compile your own kernel.

Yves.

Edited July 28, 2004 by theYinYeti
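
A read-only check for the permission scheme described in the post above, as an added example that is not part of the original thread: it reports directories whose contents "other" can still list outside an allowlist, and directories "other" can write to that lack the sticky bit. The function names, the `kiosk` login and the constructed demo tree are assumptions; proc and dev are skipped as in the post's commands.

```shell
#!/bin/sh
# Read-only audit: reports, changes nothing. Paths with newlines are not handled.
# Usage: audit_other_perms ROOT ALLOWED_DIR...
audit_other_perms() {
    root=${1%/}; shift   # "/" becomes "" so that "$root/proc" is "/proc"
    # Directories whose contents "other" can list (r bit), outside the allowlist.
    find "${root:-/}" \( -path "$root/proc" -o -path "$root/dev" \) -prune \
         -o -type d -perm -0004 -print |
    while IFS= read -r dir; do
        ok=no
        for allowed in "$@"; do
            case $dir in
                "$allowed"|"$allowed"/*) ok=yes; break ;;
            esac
        done
        [ "$ok" = yes ] || printf 'LISTABLE %s\n' "$dir"
    done
    # Directories "other" can write to that lack the sticky bit.
    find "${root:-/}" \( -path "$root/proc" -o -path "$root/dev" \) -prune \
         -o -type d -perm -0002 ! -perm -1000 -print |
    while IFS= read -r dir; do printf 'WRITABLE %s\n' "$dir"; done
}

# Constructed sample tree standing in for "/" (not a real system).
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/bin" "$t/sbin" "$t/home/kiosk" "$t/tmp" "$t/srv/drop" "$t/proc/1"
    chmod 711 "$t" "$t/sbin" "$t/home"    # crossable (x) but not listable (r)
    chmod 755 "$t/bin" "$t/srv" "$t/proc" "$t/proc/1"
    chmod 700 "$t/home/kiosk"
    chmod 1777 "$t/tmp"                    # world-writable, sticky bit set
    chmod 777 "$t/srv/drop"                # world-writable, no sticky bit
    printf '%s\n' "$t"
}

# Demo: audit the constructed tree with a three-entry allowlist, then clean up.
t=$(make_demo_tree) && {
    audit_other_perms "$t" "$t/bin" "$t/tmp" "$t/home/kiosk"
    rm -rf "$t"
}
```

On a real system the call would be `audit_other_perms / /bin /etc ...` with the directory list from the post, run as root so that every directory can be traversed.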