Graphicall Desktop (with Restricted Shell)

If none of the more specific forums is the right place to ask

Graphicall Desktop (with Restricted Shell)

Postby bester69 » 2019-09-13 01:32

Hi,
Ive seen theses two article about, How can I restrict the normal user to run only limited set of commands
https://access.redhat.com/solutions/65822
https://www.ostechnix.com/how-to-limit- ... ux-system/

in one of them he impose theses rules and restrictions:
>>The Restricted Shell will limit the users from executing most commands and from changing the current working directory.

>>The Restricted Shell will impose the following restrictions to the users.
    It will not allow you to execute cd command. So you can’t go anywhere. You can simply stay in the current working directory.
    It will not allow you to modify the values of $PATH, $SHELL, $BASH_ENV, or $ENV environmental variables.
    It will not allow you to execute a program that contains a /(slash) character. For example, you can’t run /usr/bin/uname or ./uname command. You can however execute uname command. In other words, you are allowed to run the commands in the current path only.
    You can’t redirect the output using ‘>’, ‘>|’, ‘<>’, ‘>&’, ‘&>’, and ‘>>’ redirection operators.
    It will not allow you to get out of the restricted shell mode within scripts.
    It will not allow you to turn off restricted shell mode with ‘set +r’ or ‘set +o restricted’.
---------------------------------------------------------------

:?:
So, My question with all that previoulsy seen,
Can we implement a worthy Graphicall Restricted Shell experience... so that, the user can only run some whitelisted Apps in the Graphicall desktop... I meant I would like to develop a user experience in which, the user can only run some whitelisted apps, and nothing else, neither a portable application.. so user perhaps, cant create folders, move files, move around... something very, very restricted, but at the same time workable.


So, what do you think, how do you implement this kind of solution? :?:
Thanks.
bester69 wrote:You wont change my mind when I know Im right, Im not an ...
User avatar
bester69
 
Posts: 1485
Joined: 2015-04-02 13:15

Re: Graphicall Desktop (with Restricted Shell)

Postby pylkko » 2019-09-13 09:24

you're really gettin nazi on them kids...

But, consider this: there are some ready-made web kiosk linux distribution images. You know, the kind that you see in malls and airports, where the device allows a person to view information or launch a handful of apps but make essentially no permanent changes, install nothing, write no files etc.

Another easy way is to use one of these non-persistent images, where the user perhaps has some rights, but the install is read-only with a temporary write layer overlayed, so that if the machine is rebooted, all changes get reverted.
User avatar
pylkko
 
Posts: 1584
Joined: 2014-11-06 19:02

Re: Graphicall Desktop (with Restricted Shell)

Postby bester69 » 2019-09-13 14:01

Ok, I see

I think this is the way to Go.:
http://tuxdiary.com/2014/11/05/linux-di ... or-kiosks/

I didnt know abou kiosks and Cafes distros.

thanks a lot,
Last edited by bester69 on 2019-09-13 22:49, edited 1 time in total.
bester69 wrote:You wont change my mind when I know Im right, Im not an ...
User avatar
bester69
 
Posts: 1485
Joined: 2015-04-02 13:15


Return to General Questions

Who is online

Users browsing this forum: No registered users and 34 guests

fashionable