Re: how to restrict user from running some downloaded prgm?
From: James T (turajb_at__NOSPAM_hoflink.com)
Date: 08/14/05
- Previous message: Unruh: "Re: how to restrict user from running some downloaded prgm?"
- In reply to: Guagua: "how to restrict user from running some downloaded prgm?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 13 Aug 2005 22:21:59 -0400
On Fri, 12 Aug 2005 09:48:22 -0700, Guagua wrote:
> For example, user can download another version of some program (like
> mozilla), and install in their own directory(like run
> ./mozilla-install-bin). But I don't want them to do that, since they
> should really use the shared one in /usr directory. One way to do that
> is to restrict them from running the installation program. How could I
> do that? Or any other ways?
>
> Thanks a lot.
Maybe I'm missing something here, but wouldn't SELinux (secured enabled
linux) do that? It is designed to enforce security policies and restrict
the system to allowed programs.
I believe that if you setup SELinux to restrict your system to only
allowed/registered applications, that should do it.
Then if you want to further lock down the usage on your system, mix that
with removing execute ability on /home, enabling disk quotas, and removing
shell access to those users which do not need it. At least this is where
I would begin if I have to do this.
I also however agree with the other posts, that you should talk with your
users about their needs, before you start putting extreme security
measures in place.
I hope this helps...
- Previous message: Unruh: "Re: how to restrict user from running some downloaded prgm?"
- In reply to: Guagua: "how to restrict user from running some downloaded prgm?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
