Question about Users

hgallo · July 23, 2009, 2:14pm

Does Linux have a user account that only allows access to the Internet and denies access to everything else? In other words don’t want anyone snooping around on the konsole or even worse my /etc

Thanks…

cjcox · July 23, 2009, 5:21pm

On Thu, 2009-07-23 at 12:16 +0000, hgallo wrote:
> Does Linux have a user account that only allows access to the Internet
> and denies access to everything else? In other words don’t want anyone
> snooping around on the konsole or even worse my /etc

No, it does not. However, it may be possible to create such a bottled
up environment pretty easily using AppArmor. But you would have to
create the profile.

How? Well… you’d profile a person’s login shell and use AppArmor’s
profile wizard to point an click your way to something that restricts
the user.

Getting a graphical desktop environment and going the AppArmor thing
might be somewhat tough. Desktop environments allow a LOT of different
things. Likely there will be too much info for most people to deal with
with regards to determing what is needed and what is not needed.

There are other possibilities. For example, you could create a user
that can only log in graphically and protect their settings such that
the only thing that comes up is a browser… this may be prettier and
even easier to setup (AppArmor could be difficult because of need for
X11).

Lots of possibilities. None of this would be “beginner” oriented
though. Would take a fairly experienced person I imagine to do this
well. Could mean combining many techniques.

Also, you’d have to define what Internet use means? Can the user do
multimedia, download files, etc.? Just developing the policy could take
a lot of time.

This one is tougher than it sounds…

baskitcaise · July 23, 2009, 9:20pm

hgallo adjusted his/her AFDB on Thursday 23 Jul 2009 13:16 to write:

>
> Does Linux have a user account that only allows access to the Internet
> and denies access to everything else? In other words don’t want anyone
> snooping around on the konsole or even worse my /etc
>
> Thanks…
>
>

Have a look here this might be right up your street.

http://en.opensuse.org/Kiosktool

I have not used this but I should think you can lock down to just browsing
so you have just a Cyber cafe type of environment.

Allso used in conjunction with user permissions and group menberships you
could do it quite easily.

HTH

–
Mark
Caveat emptor
Nullus in verba
Nil illegitimi carborundum

hgallo · July 23, 2009, 9:49pm

Ill give it a try and let you know the outcome.

Thanks

hgallo · July 29, 2009, 12:50am

Yes it is right up my street lol. Thanks I would look into that.