Password protecting Settings manager in XFCE

Hi all,

I am using opensuse 13.1 with XFCE DE. I want to password protect a Settings Manager for all the users. Is there a way to do it. Please suggest me the way to do it.

Thanks.

You’ll need to describe exactly what you want to do, not ask a general question.

A general answer to your general question…
It’s probably possible, but “it depends.” Especially in Linux, a GUI Manager is usually only a frontend to functionality still accessible “the old way” using CLI. So, password protecting the “Manager” won’t stop anyone but the most newbie and unresourceful.

There are various ways to apply security either at the file level or app level, usually configurable to be applied to User and Group accounts.

TSU

Sorry for the delayed reply. Whenever I try to launch the settings manager it should be asking the password.

Why?

The changes you make affect only you. There’s no need to require a password.

In my company multiple users use the same computer in different shifts. So I don’t want the users to access settings manager.

When they are realy different users, they can’t change the settngs of other users.

When they are in fact perrsons using the same username/password, you are on the wrong path. Every person should have his/her own username (userid) and password and never log in with an other person’s credentials. That is where al security in Unix/Linux is based on, including the impossibillity to change someone else’s settings.

Thanks for the info. But I don’t want users to change startup programs and resolution etc.

XFCE I don’t know

Then change the owner ship of the settings files. Say it is a KDE desktop sett it up then change ownership of ~/.kde4 to root. copy this to all users you want to lock. Note it may make some config programs crash if a change is attempted.

Also there are kiosk configuration that keep users from changing anything.

But even so each user should have their own account. it is the best policy.

Personally I don’t see any reason not to let users configure things as they would prefer. each to his own.

https://techbase.kde.org/KDE_System_Administration/Kiosk/Introduction

This may or may not apply but it should give you at least the theory

I am using XFCE and could you please tell me about the kiosk configuration.

Also I have tried setting the password with the following command.

#xdg-su -u $USER -c xfce4-settings-manager

This takes the same password for both login and the above command.

Here is a howto for XFCE

https://wiki.xfce.org/howto/kiosk_mode

easy yo look it up on Google

I have already changed the permissions of ~/xfce4/xfconf/xfce-perchannel-xml from read-write to read only but that does not restrict users from changing startup programs,resolution and some custom launchers such as disabling USB.

Would simply removing the menu entry be sufficient?

The menu entry of course is only a shortcut so a persistent User would still be able to access the settings manager by other means (like CLI) or make configuration changes directly without the settings manager, but if your User isn’t that persistent or familiar with what’s happening below the surface, IMO this would be a simple and possibly effective solution.

If the numbers of machines are small, you could manually remove the entry for each one by physically touching each machine.

Conceivably, removing could also be done by script.
Or, if you can find a User Policy on each machine, could be pushed that way, too.

If you remove by script, I’d recommend you create an “undo” script that re-inserts the menu entry quickly and easily should you want to do so.

TSU

On 03/08/2015 05:36 PM, tsu2 wrote:
>
> Would simply removing the menu entry be sufficient?
>
> The menu entry of course is only a shortcut so a persistent User would
> still be able to access the settings manager by other means (like CLI)

Simply change their login shell to /dev/null and they won’t be able to
use an CLI.

And some users may need to change the resolution because of their eye site.

Ken

(I would prefer /bin/false)

And then you have to remove Enter Command from the main menu because using it with

konsole -e /bin/bash

will work (as expected by me).

No, these things are only doable when using a Kiosk (like) environment, else there will always be holes.

Mount the entire xfce directory as read only or change the permissions to root.root with read permissions for users. May need some fine grained tweaking to see if xfce needs to write to some temporary file.

Or use temporary filesystem that appears read/write but is in fact read only so any changes made to it will vanish upon exit/reboot/remount.

Just a thought.

Thanks for all your replies. I have already blocked the access to CLI and I will check changing the permissions of ~/.config folder.