Re: [K12OSN] Basic Questions

Robert Arkiletian wrote:


When I want to restrict a program to a certain group, for example to only allow a certain group to run firefox:

1) create a new group called firefox (system-config-users)
2) Add the firefox group to all users you wish to give permission to run it
3) change group of firefox binary to firefox (chgrp firefox /usr/bin/firefox)
4) change permission of firefox binary (chmod 754 /usr/bin/firefox)

Note that this will only prevent people from running that particular firefox executable. To keep people from running the installed firefox you'll also need to remove the 'other' read permission (chmod 750), or they can just cp the binary elsewhere and execute that. Also, in the particular case of firefox, /usr/bin/firefox is usually a shell script or a symlink to a shell script, in which case it can still be "executed" even without execute permission by running 'bash /usr/bin/firefox'. To truly restrict execution to a specific group you'll need to chmod 750 the real executable (/usr/lib/firefox*/firefox-bin).
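
The checks described in this thread, collected into one audit script. This is an added example, not part of the original messages; the function name `check_exec_restriction` is hypothetical, and it assumes GNU coreutils (`readlink -f`, `stat -c`).

```shell
#!/bin/bash
# Added example: audit whether a group-only restriction on an executable holds.
# Assumes GNU coreutils (readlink -f, stat -c), as on a Linux terminal server.

# check_exec_restriction FILE
# Prints findings; returns 0 if "other" has no access, 1 if a bypass remains,
# 2 if FILE cannot be resolved.
check_exec_restriction() {
    target=$1
    rc=0
    real=$(readlink -f -- "$target") || return 2
    if [ ! -e "$real" ]; then
        echo "ERROR: $target does not resolve to a file"
        return 2
    fi
    if [ "$real" != "$target" ]; then
        echo "NOTE: $target resolves to $real; permissions are checked there"
    fi
    mode=$(stat -c '%a' -- "$real")
    group=$(stat -c '%G' -- "$real")
    other=${mode#"${mode%?}"}          # last octal digit = "other" bits
    echo "INFO: $real mode=$mode group=$group"
    if [ $((other & 1)) -ne 0 ]; then
        echo "FAIL: others can execute it directly"
        rc=1
    fi
    if [ $((other & 4)) -ne 0 ]; then
        echo "FAIL: others can read it (copy it elsewhere, or feed a script to its interpreter)"
        rc=1
    fi
    if [ "$(head -c 2 -- "$real" 2>/dev/null)" = '#!' ]; then
        echo "NOTE: this is a script; also check the real binary it launches"
    fi
    return $rc
}

# Usage: ./check.sh /usr/bin/firefox /usr/lib/firefox*/firefox-bin
for f in "$@"; do
    check_exec_restriction "$f" || true
done
```

Run it against both the wrapper and the real executable; a wrapper that passes says nothing about the binary it launches.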


