Re: Restrict user to specific window-manage

To: debian-user@lists.debian.org
Subject: Re: Restrict user to specific window-manage
From: David Fokkema <dfokkema@ileos.nl>
Date: Tue, 27 May 2003 19:03:43 +0200
Message-id: <[🔎] 20030527170343.GA3538@sirius.ileos.home>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] m3of1otuj2.fsf@norges-bank.no>
References: <[🔎] 20030527113836.GA4649@twix.ranulf.dyndns.org> <[🔎] 20030527120229.GA10674@nebula.ileos.home> <[🔎] m3of1otuj2.fsf@norges-bank.no>

On Tue, May 27, 2003 at 02:59:29PM +0200, Jon Haugsand wrote:
> * David Fokkema
> > On Tue, May 27, 2003 at 01:38:36PM +0200, thomas.wallrafen@post.rwth-aachen.de wrote:
> >> Hi all!
> >> 
> >> Is there any possibility to restict a specific user
> >> to a predefined windowmanager?
> >> I've got several users here and want the guest-user
> >> to use just _one_ windowmanager.
> >> The problem is that the login process is done via
> >> kdm. So might there be a way to restrict kdm this
> >> way?
> >
> > Just curious, sorry...
> >
> > Why would you want to do that?
> 
> I can think of several reasons:
> 
> 1. Security: I.e. poor man's access control.  Include only the
>              applications that the user is allowed to run.  Better
>              leave out xterm then...

Indeed, poor man's access control. If my network was so unsafe that I
wouldn't trust guests to run app foo, would I trust my trusted users to
run it? They might easily break things, even if it wasn't their
intention to do so.

> 
> 2. User protection: Avoid the ever too often situation where users get
>              burned.  I.e. avoid the possibility where users do the
>              typical "Gee, what happens if I choose this funny little
>              rm -Rf application?"

And have them run to the administrator each time they want to remove a
file? I guess that apps which can _really_ burn users can a) burn all
users and b) are sometimes very necessary (like rm).

> 
> 3. Manager protection: Avoid the situation where new applications have
>              to be make available from all possible window manager
>              setups that are defined on every host in the company
>              network.  In particular the "me too" situation where one
>              funny application discovered in one window manager menu
>              is demanded propagated to all others.

I run debian. Probably, so does the OP. I dare say that one app found in
the depths of a wm menu is also somewhere in the others'. And if not,
just run it or add it to your personal menu.

> 
> 4. Resource protection:  Disable badly configured or programmed
>              windowmanagers that may consume memory, cpu or user's
>              working time.

Uninstall them.

> 
> 5. Company policy:  In _our_ company _everybody_ uses the same
>              application. Period.

Uninstall the rest.

> 
> 6. Parental concern:  Where the system manager thinks s/he knows best
>              what is good or bad for the users.

Don't install the 'bad' applications.

My point is that I really don't see why to restrict a subset of your
users.

(Pardon me the cynical tone of this post, not intended :-)

David

Reply to:

References:
- Restrict user to specific window-manage
  - From: thomas.wallrafen@post.rwth-aachen.de
- Re: Restrict user to specific window-manage
  - From: David Fokkema <dfokkema@ileos.nl>
- Re: Restrict user to specific window-manage
  - From: Jon Haugsand <Jon-H.Haugsand@norges-bank.no>

Prev by Date: Re: M$ licenses Unix
Next by Date: Re: usb flash drive problem - module problem?
Previous by thread: Re: Restrict user to specific window-manage
Next by thread: Re: Restrict user to specific window-manage
Index(es):
- Date
- Thread