Hi,
I was wondering, How do you do to restrict ,prevent differnt tasks/possibilies for a non root user ..
For example, I would like to know.:
1-A User can only install/remove some packages-....He can remove /install any package but some few of them, which are blocked by root to the regular user.
Here, I tried with sudoers allowing only to run apt-get to that user.: user ALL=(ALL:ALL) /usr/bin/apt-get , and using apt-mark hold to trying to block some packages to sudoers user, but apt-mark(root) doesnt prevent apt-get(sudo) from removing packages.. so I dont know how do you do to get it done.
Any help, would be really appreciate it.
Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
How restrict APT/synaptic to list of packages?
Re: How restrict APT/synaptic to list of packages?
Never have I done this and most systems that I have known with restricttions on installing work so that non privileged userz ask an admin to install what they need.
However, wouldn't it work if there were a systemd path which monitors user input. First you would have a whitelist of programs that users are allowed to install. Then a service that compares the changes to the path made by the user to the whitelist and calls apt.
Setup a installer.path to monitor a path of your choice for new file names. Then have it launch a comparison service tnch o check the whitelist and either install or reject. The path could work so that when a non-privileged user wants to install a package,they touch a file of the same name as the package into the monitored path. Systemd will immediately notice the change and the name, launch a service or script to install.
There might be more elegant way to do this,but I think this should work.
However, wouldn't it work if there were a systemd path which monitors user input. First you would have a whitelist of programs that users are allowed to install. Then a service that compares the changes to the path made by the user to the whitelist and calls apt.
Setup a installer.path to monitor a path of your choice for new file names. Then have it launch a comparison service tnch o check the whitelist and either install or reject. The path could work so that when a non-privileged user wants to install a package,they touch a file of the same name as the package into the monitored path. Systemd will immediately notice the change and the name, launch a service or script to install.
There might be more elegant way to do this,but I think this should work.