Page 1 of 1

How restrict APT/synaptic to list of packages?

PostPosted: 2019-06-15 02:36
by bester69
Hi,

I was wondering, How do you do to restrict ,prevent differnt tasks/possibilies for a non root user ..

For example, I would like to know.:
1-A User can only install/remove some packages-....He can remove /install any package but some few of them, which are blocked by root to the regular user.
Here, I tried with sudoers allowing only to run apt-get to that user.: user ALL=(ALL:ALL) /usr/bin/apt-get , and using apt-mark hold to trying to block some packages to sudoers user, but apt-mark(root) doesnt prevent apt-get(sudo) from removing packages.. so I dont know how do you do to get it done. :roll:

Any help, would be really appreciate it. :roll:

Re: How restrict APT/synaptic to list of packages?

PostPosted: 2019-06-15 20:04
by pylkko
Never have I done this and most systems that I have known with restricttions on installing work so that non privileged userz ask an admin to install what they need.

However, wouldn't it work if there were a systemd path which monitors user input. First you would have a whitelist of programs that users are allowed to install. Then a service that compares the changes to the path made by the user to the whitelist and calls apt.

Setup a installer.path to monitor a path of your choice for new file names. Then have it launch a comparison service tnch o check the whitelist and either install or reject. The path could work so that when a non-privileged user wants to install a package,they touch a file of the same name as the package into the monitored path. Systemd will immediately notice the change and the name, launch a service or script to install.

There might be more elegant way to do this,but I think this should work.