Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

How restrict APT/synaptic to list of packages?

Off-Topic discussions about science, technology, and non Debian specific topics.
Post Reply
Message
Author
User avatar
bester69
Posts: 2072
Joined: 2015-04-02 13:15
Has thanked: 24 times
Been thanked: 14 times

How restrict APT/synaptic to list of packages?

#1 Post by bester69 »

Hi,

I was wondering, How do you do to restrict ,prevent differnt tasks/possibilies for a non root user ..

For example, I would like to know.:
1-A User can only install/remove some packages-....He can remove /install any package but some few of them, which are blocked by root to the regular user.
Here, I tried with sudoers allowing only to run apt-get to that user.: user ALL=(ALL:ALL) /usr/bin/apt-get , and using apt-mark hold to trying to block some packages to sudoers user, but apt-mark(root) doesnt prevent apt-get(sudo) from removing packages.. so I dont know how do you do to get it done. :roll:

Any help, would be really appreciate it. :roll:
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...

User avatar
pylkko
Posts: 1802
Joined: 2014-11-06 19:02

Re: How restrict APT/synaptic to list of packages?

#2 Post by pylkko »

Never have I done this and most systems that I have known with restricttions on installing work so that non privileged userz ask an admin to install what they need.

However, wouldn't it work if there were a systemd path which monitors user input. First you would have a whitelist of programs that users are allowed to install. Then a service that compares the changes to the path made by the user to the whitelist and calls apt.

Setup a installer.path to monitor a path of your choice for new file names. Then have it launch a comparison service tnch o check the whitelist and either install or reject. The path could work so that when a non-privileged user wants to install a package,they touch a file of the same name as the package into the monitored path. Systemd will immediately notice the change and the name, launch a service or script to install.

There might be more elegant way to do this,but I think this should work.

Post Reply